Description

Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.

Remediation

References

CVE-2016-2190

Related Vulnerabilities

Opencart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47444)

MediaWiki CVE-2023-45367 Vulnerability (CVE-2023-45367)

Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0535)

WordPress Plugin ShareThis:Free Sharing Buttons and Tools Cross-Site Request Forgery (7.0.5)

MediaWiki Resource Management Errors Vulnerability (CVE-2015-2942)

Severity

Medium

Classification

CVE-2016-2190 CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities