Description

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.

Remediation

References

CVE-2011-4309

Related Vulnerabilities

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3056)

WordPress Plugin WP to Twitter Authorization Bypass (2.9.3)

Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)

Severity

Medium

Classification

CVE-2011-4309 CWE-264

Tags

Missing Update Known Vulnerabilities