Description
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.
References (3)
Core References
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00
Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=188311
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=747444
Scores
EPSS: 0.0026
EPSS Percentile: 49.4%
Details
CWE: CWE-264
Status: published
Products (8)
moodle/moodle 2.0.0
moodle/moodle 2.0.1
moodle/moodle 2.0.2
moodle/moodle 2.0.3
moodle/moodle 2.0.4
moodle/moodle 2.1.0
moodle/moodle 2.1.1
moodle/moodle 2.1 - 2.1.2 (Packagist)
Published: Jul 11, 2012
Tracked Since: Feb 18, 2026