Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2642)

Description

Moodle 3.x has user fullname disclosure on the user preferences page.

Remediation

References

Related Vulnerabilities

WordPress Plugin Sitemap Index Cross-Site Scripting (1.2.3)

PostgreSQL Uncontrolled Search Path Element Vulnerability (CVE-2020-14349)

WordPress Plugin Wp-D3 Cross-Site Request Forgery (2.4)

MySQL Resource Management Errors Vulnerability (CVE-2010-3837)

WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1)

Severity

Medium

Classification

CVE-2017-2642 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities