Description

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.

Remediation

References

CVE-2012-5480

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.3.1)

Joomla CVE-2022-23799 Vulnerability (CVE-2022-23799)

Oracle Database Server CVE-2009-1015 Vulnerability (CVE-2009-1015)

MySQL CVE-2013-3796 Vulnerability (CVE-2013-3796)

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5494)

Severity

Medium

Classification

CVE-2012-5480 CWE-264

Tags

Missing Update Known Vulnerabilities