Description

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.

Remediation

References

CVE-2012-5473

Related Vulnerabilities

WordPress Plugin Under Construction, Coming Soon & Maintenance Mode Multiple Vulnerabilities (1.1.1)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5881)

WordPress Plugin Another WordPress Classifieds Unspecified Vulnerability (1.8.9.4)

WordPress Plugin Image News slider Arbitrary File Upload (3.5)

WordPress Plugin WP Fastest Cache Local File Inclusion (0.8.5.9)

Severity

Medium

Classification

CVE-2012-5473 CWE-200

Tags

Missing Update Known Vulnerabilities