CVE-2013-2245

Moodle - Authentication Bypass

Title source: rule

Description

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.

References (2)

[Patch] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818

[Various Sources] https://moodle.org/mod/forum/discuss.php?d=232502

Scores

EPSS 0.0016

EPSS Percentile 37.0%

Classification

CWE

CWE-287

Status draft

Affected Products (36)

moodle/moodle

... and 21 more

Timeline

Published Jul 29, 2013

Tracked Since Feb 18, 2026