Description

mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.

Remediation

References

CVE-2009-4299

Related Vulnerabilities

WordPress Plugin The Plus Addons for Elementor Page Builder Lite Multiple Cross-Site Scripting Vulnerabilities (2.0.5)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-6356)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-20330)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-5976)

MongoDb CVE-2024-7553 Vulnerability (CVE-2024-7553)

Severity

Medium

Classification

CVE-2009-4299 CWE-264

Tags

Missing Update Known Vulnerabilities