Description

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

Remediation

References

CVE-2015-3176

Related Vulnerabilities

MySQL CVE-2020-2921 Vulnerability (CVE-2020-2921)

WordPress Plugin Qyrr-simply and modern QR-Code creation Cross-Site Scripting (0.6)

Oracle Database Server CVE-2008-2607 Vulnerability (CVE-2008-2607)

WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)

WordPress Plugin NextGEN Gallery-WordPress Gallery Local File Inclusion (2.1.56)

Severity

Medium

Classification

CVE-2015-3176 CWE-200

Tags

Missing Update Known Vulnerabilities