Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4299)

Description

mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.

Remediation

References

CVE-2009-4299

Related Vulnerabilities

WordPress Plugin Admin Custom Login Cross-Site Request Forgery (3.2.7)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7903)

Serendipity Other Vulnerability (CVE-2009-4412)

Lighttpd Other Vulnerability (CVE-2005-0453)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-26595)

Severity

Medium

Classification

CVE-2009-4299 CWE-264