Description

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.

Remediation

References

CVE-2013-2081

Related Vulnerabilities

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Multiple Vulnerabilities (3.7.9.2)

PostgreSQL Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2015-0241)

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2006-1868)

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0933)

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)

Severity

Medium

Classification

CVE-2013-2081 CWE-264

Tags

Missing Update Known Vulnerabilities