PT-2012-1827 · Moodle · Moodle

Amr Hourani

·

Publicado

2012-07-16

·

Atualizado

2022-05-13

·

CVE-2011-4279

CVSS v4.0

6.6

Média

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions Moodle versions 2.0.x through 2.0.1
Description The issue makes it easier for remote attackers to obtain potentially sensitive information via vectors involving the use of a search engine. This is because the forceloginforprofiles setting is not used for course-profiles access control.
Recommendations For Moodle versions 2.0.x through 2.0.1, update to version 2.0.2 or later to resolve the issue.

Correção

Information Disclosure

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-284

Identificadores relacionados

CVE-2011-4279
GHSA-PHQJ-XP48-7P7C

Produtos afetados

Moodle