Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12157)

Description

In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.

Remediation

References

Related Vulnerabilities

Phusion Passenger Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2119)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-3064)

MySQL CVE-2019-2798 Vulnerability (CVE-2019-2798)

osTicket Integer Overflow or Wraparound Vulnerability (CVE-2018-7194)

IBM WebSEAL Other Vulnerability (CVE-2023-30997)

Severity

Medium

Classification

CVE-2017-12157 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities