Description

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.

Remediation

References

CVE-2012-5473

Related Vulnerabilities

Joomla Improper Access Control Vulnerability (CVE-2016-9838)

Joomla! Core 2.5.x Arbitrary File Upload (2.5.0 - 2.5.13)

Drupal Other Vulnerability (CVE-2006-1227)

Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-39118)

WordPress Plugin WP Open Social Cross-Site Scripting (5.0)

Severity

Medium

Classification

CVE-2012-5473 CWE-200

Tags

Missing Update Known Vulnerabilities