Description
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2151)
WordPress Plugin Breezing Forms SQL Injection (1.2.7.30)
WordPress Plugin Stream Cross-Site Scripting (3.0.5)
Microsoft SQL Server Other Vulnerability (CVE-2000-1088)
WordPress Plugin Smart Slideshow 'upload.php' Arbitrary File Upload (2.1)