Description
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.
Remediation
References
Related Vulnerabilities
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3747)
Microsoft SQL Server Other Vulnerability (CVE-2000-1085)
WordPress Plugin NextGEN Gallery-WordPress Gallery Unspecified Vulnerability (2.2.46)
WordPress Plugin Wechat Broadcast Local/Remote File Inclusion (1.2.0)
WordPress Plugin Ultimate Membership Pro Security Bypass (8.6)