Description

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

Remediation

References

CVE-2010-1617

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-0205)

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-4040)

WordPress Plugin Featured Post with thumbnail Unspecified Vulnerability (1.4)

Oracle Database Server CVE-2006-3703 Vulnerability (CVE-2006-3703)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14550)

Severity

Medium

Classification

CVE-2010-1617 CWE-264

Tags

Missing Update Known Vulnerabilities