Description
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.
Remediation
References
Related Vulnerabilities
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21650)
WordPress Plugin Flexible Checkout Fields for WooCommerce Security Bypass (2.3.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3732)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Request Forgery (1.22.24)