Description
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2020-2884 Vulnerability (CVE-2020-2884)
WordPress Plugin Starbox-the Author Box for Humans Cross-Site Scripting (3.0.8)
TYPO3 CVE-2024-25118 Vulnerability (CVE-2024-25118)
WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (2.3.12)
WordPress Plugin Timeline Event History PHP Object Injection (3.1)