CVE-2012-0793
Moodle 1.9.x < 1.9.16, 2.0.x < 2.0.7, 2.1.x < 2.1.4, 2.2.x < 2.2.1 - Unauthenticated Arbitrary User Profile Image Access
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
References (4)
Core References
Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=194012
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=90911c4ff98dc2078a3acef5ddf5a1a8f7e20ba5
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2421
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=783532
Scores
EPSS: 0.0046
EPSS Percentile: 64.0%
Details
CWE: CWE-264
Status: published
Products (27)
moodle/moodle 1.9.1
moodle/moodle 1.9.2
moodle/moodle 1.9.3
moodle/moodle 1.9.4
moodle/moodle 1.9.5
moodle/moodle 1.9.6
moodle/moodle 1.9.7
moodle/moodle 1.9.8
moodle/moodle 1.9.9
moodle/moodle 1.9.10
... and 17 more
Published: Jul 17, 2012
Tracked Since: Feb 18, 2026