Description
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4)
Django Incorrect Default Permissions Vulnerability (CVE-2020-24584)
WordPress Plugin qTranslate X Multiple Cross-Site Scripting Vulnerabilities (3.4.6.8)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.59)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16854)