Description
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/56505
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35558
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=216160
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/11/19/1
Scores
EPSS
0.0029
EPSS Percentile
52.9%
Details
CWE
CWE-264
Status
published
Products (18)
moodle/moodle
2.1.0
moodle/moodle
2.1.1
moodle/moodle
2.1.2
moodle/moodle
2.1.3
moodle/moodle
2.1.4
moodle/moodle
2.1.5
moodle/moodle
2.1.6
moodle/moodle
2.1.7
moodle/moodle
2.1.8
moodle/moodle
2.2.0
... and 8 more
Published
Nov 21, 2012
Tracked Since
Feb 18, 2026