Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4288)

Description

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

Remediation

References

CVE-2011-4288

Related Vulnerabilities

Joomla Other Vulnerability (CVE-2005-3772)

PHP Incorrect Calculation of Buffer Size Vulnerability (CVE-2008-0599)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-2601)

WordPress Plugin Conditional Marketing Mailer for WooCommerce Cross-Site Request Forgery (1.5.2)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-6270)

Severity

Medium

Classification

CVE-2011-4288 CWE-264