Description
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.
Remediation
References