Description
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/05/23/2
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
Scores
EPSS
0.0018
EPSS Percentile
38.7%
Details
CWE
CWE-200
Status
published
Products (10)
moodle/moodle
2.1.0
moodle/moodle
2.1.1
moodle/moodle
2.1.2
moodle/moodle
2.1.3
moodle/moodle
2.1.4
moodle/moodle
2.1.5
moodle/moodle
2.2.0
moodle/moodle
2.2.1
moodle/moodle
2.2.2
moodle/moodle
2.1 - 2.1.6Packagist
Published
Jul 21, 2012
Tracked Since
Feb 18, 2026