WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3394)

Description

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.

Remediation

References

Related Vulnerabilities

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2922)

WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Cross-Site Scripting (19.6.24)

Opencart CVE-2024-21519 Vulnerability (CVE-2024-21519)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7923)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.15)

Severity

Medium

Classification

CVE-2012-3394 CWE-200

Tags

Missing Update Known Vulnerabilities