Description
lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2007-5515 Vulnerability (CVE-2007-5515)
WordPress Plugin Podcast Subscribe Buttons Cross-Site Scripting (1.4.1)
Play Framework Out-of-bounds Write Vulnerability (CVE-2020-27196)
PHP Other Vulnerability (CVE-2014-4670)
phpBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7143)