Description

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

Remediation

References

CVE-2010-1617

Related Vulnerabilities

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-0198)

MySQL CVE-2018-3195 Vulnerability (CVE-2018-3195)

Perl Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2020-12723)

Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-10795)

MySQL CVE-2020-2577 Vulnerability (CVE-2020-2577)

Severity

Medium

Classification

CVE-2010-1617 CWE-264

Tags

Missing Update Known Vulnerabilities