Description

lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment.

Remediation

References

CVE-2015-3180

Related Vulnerabilities

MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20225)

WordPress Plugin Advanced Database Cleaner SQL Injection (3.0.1)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16335)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.2)

WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.16)

Severity

Medium

Classification

CVE-2015-3180 CWE-200

Tags

Missing Update Known Vulnerabilities