Description

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.

Remediation

References

CVE-2014-3546

Related Vulnerabilities

ZenCart Other Vulnerability (CVE-2009-4323)

WordPress Plugin Connections Business Directory Cross-Site Scripting (8.5.8)

WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Unspecified Vulnerability (1.7.12)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0831)

WordPress Plugin IGIT Posts Slider Widget 'src' Parameter Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2014-3546 CWE-264

Tags

Missing Update Known Vulnerabilities