Description

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.

Remediation

References

CVE-2012-5480

Related Vulnerabilities

WordPress Plugin Gwolle Guestbook Cross-Site Scripting (2.5.3)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5230)

WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3543)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25627)

Severity

Medium

Classification

CVE-2012-5480 CWE-264

Tags

Missing Update Known Vulnerabilities