Description

lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.

Remediation

References

CVE-2014-7831

Related Vulnerabilities

WordPress Plugin Daily Inspiration Generator Cross-Site Scripting (2.0)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43705)

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce Unspecified Vulnerability (1.2.6)

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.2.4)

PostgreSQL Other Vulnerability (CVE-2009-4136)

Severity

Medium

Classification

CVE-2014-7831 CWE-200

Tags

Missing Update Known Vulnerabilities