Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2643)

Description

In Moodle 3.2.x, global search displays user names for unauthenticated users.

Remediation

References

Related Vulnerabilities

WordPress Plugin Events Manager Unspecified Vulnerability (5.5.5)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7373)

WordPress Plugin Responsive Media Gallery for WordPress-Everest Gallery Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

PHP Improper Input Validation Vulnerability (CVE-2012-2336)

MySQL CVE-2018-2703 Vulnerability (CVE-2018-2703)

Severity

Medium

Classification

CVE-2017-2643 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities