Description
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-0382 Vulnerability (CVE-2015-0382)
Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2024-25605)
WordPress Plugin ThreeWP Email Reflector 'Subject' Field Cross-Site Scripting (1.15)
WordPress Plugin WordPress Poll Multiple Unspecified Vulnerabilities (35.0)
WordPress Plugin Redirection Cross-Site Request Forgery (1.1.4)