Description

The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.

Remediation

References

CVE-2013-2080

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8758)

WordPress Plugin Simple Custom CSS and JS Cross-Site Scripting (3.3)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)

ZenCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0697)

Joomla! Core 3.x.x SQL Injection (3.0.0 - 3.9.22)

Severity

Medium

Classification

CVE-2013-2080 CWE-264

Tags

Missing Update Known Vulnerabilities