Description
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
Remediation
References
Related Vulnerabilities
WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.24)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2020-28032)
WordPress Plugin Spiffy XSPF Player SQL Injection (0.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5340)