Description

A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.

Remediation

References

CVE-2024-45689

Related Vulnerabilities

phpMyFAQ Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) Vulnerability (CVE-2023-1758)

WordPress Plugin WP Domain Redirect SQL Injection (1.0)

WordPress Plugin Improved user search in backend Cross-Site Request Forgery (1.2.4)

WordPress Plugin Kama Click Counter Cross-Site Scripting (3.4.9)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4941)

Severity

Medium

Classification

CVE-2024-45689 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities