Description

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.

Remediation

References

CVE-2011-4289

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2011-1471)

ProjectSend Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2018-7201)

WordPress Plugin Premium Addons for Elementor Security Bypass (4.5.1)

WordPress Plugin GA Universal Cross-Site Request Forgery (1.0)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.8.7)

Severity

Medium

Classification

CVE-2011-4289 CWE-264

Tags

Missing Update Known Vulnerabilities