Description
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
Remediation
References