Description

blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed.

Remediation

References

CVE-2012-6105

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.8.3)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0825)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (4.0.10)

WordPress Plugin Quick Event Manager Multiple Vulnerabilities (9.7.4)

WordPress 2.5 Cookie Integrity Protection Unauthorized Access Vulnerability (0.6.2 - 2.5)

Severity

Medium

Classification

CVE-2012-6105 CWE-200

Tags

Missing Update Known Vulnerabilities