Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5480)

Description

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.

Remediation

References

CVE-2012-5480

Related Vulnerabilities

WordPress Plugin CopySafe Web Protection Cross-Site Request Forgery (2.5)

WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590)

WordPress Plugin Easy Digital Downloads Attach Accounts to Orders Cross-Site Scripting (2.0.1)

MySQL CVE-2024-21230 Vulnerability (CVE-2024-21230)

XWiki Improper Neutralization of Alternate XSS Syntax Vulnerability (CVE-2023-35158)

Severity

Medium

Classification

CVE-2012-5480 CWE-264