Description

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

Remediation

References

CVE-2011-4288

Related Vulnerabilities

WordPress Plugin Affiliate Ads for Clickbank Products Cross-Site Scripting (1.6)

Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-5301)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-6816)

WordPress Plugin AJAX Random Post Cross-Site Scripting (2.00)

Severity

Medium

Classification

CVE-2011-4288 CWE-264

Tags

Missing Update Known Vulnerabilities