Description

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.

Remediation

References

CVE-2013-2245

Related Vulnerabilities

WordPress Plugin Users Ultra SQL Injection (1.4.35)

GlassFish Improper Authentication Vulnerability (CVE-2017-1000030)

WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (5.9.0)

WordPress Plugin Relevanssi-A Better Search Cross-Site Scripting (4.0.4)

WordPress Plugin Copy or Move Comments Multiple Vulnerabilities (1.0.0)

Severity

Medium

Classification

CVE-2013-2245 CWE-287

Tags

Missing Update Known Vulnerabilities