Description

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

Remediation

References

CVE-2024-48896

Related Vulnerabilities

WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.5)

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7116)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3810)

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1627)

PHP NULL Pointer Dereference Vulnerability (CVE-2016-7131)

Severity

Medium

Classification

CVE-2024-48896 CWE-209 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities