Description

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.

Remediation

References

CVE-2011-4289

Related Vulnerabilities

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301)

WordPress Plugin St-Daily-Tip Cross-Site Request Forgery (4.7)

Drupal Other Vulnerability (CVE-2006-2742)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7571)

PostgreSQL Missing Authorization Vulnerability (CVE-2024-4317)

Severity

Medium

Classification

CVE-2011-4289 CWE-264

Tags

Missing Update Known Vulnerabilities