Description
enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-1999-0253)
WordPress Plugin Responsive Category Slider Cross-Site Scripting (1.0)
WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2)
Moodle Other Vulnerability (CVE-2007-3555)
WordPress Plugin BibleGet I/O Unspecified Vulnerability (3.4)