Description

The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.

Remediation

References

CVE-2014-0124

Related Vulnerabilities

MySQL CVE-2013-5770 Vulnerability (CVE-2013-5770)

Drupal Core 7.x Remote Code Execution (7.0 - 7.57)

Squid Improper Input Validation Vulnerability (CVE-2020-8517)

MySQL CVE-2019-3004 Vulnerability (CVE-2019-3004)

WordPress Plugin MoodThingy Mood Rating Widget 'postID' Parameter Blind SQL Injection (0.8.7)

Severity

Medium

Classification

CVE-2014-0124 CWE-264

Tags

Missing Update Known Vulnerabilities