Moodle Multiple Information Disclosure and Security Bypass Vulnerabilities
BID:53629
Info
Moodle Multiple Information Disclosure and Security Bypass Vulnerabilities
| Bugtraq ID: | 53629 |
| Class: | Design Error |
| CVE: |
CVE-2012-2353 CVE-2012-2354 CVE-2012-2355 CVE-2012-2356 |
| Remote: | Yes |
| Local: | No |
| Published: | May 21 2012 12:00AM |
| Updated: | Apr 13 2015 10:06PM |
| Credit: | Andreas Grupp, Juan Aburto and Tim Hunt |
| Vulnerable: |
Moodle Moodle 2.2.2 Moodle Moodle 2.2.1 Moodle Moodle 2.1.5 Moodle Moodle 2.1.4 Moodle Moodle 2.1.2 Moodle Moodle 2.1.1 Moodle Moodle 2.2.2+ Moodle Moodle 2.2 Moodle Moodle 2.1.5+ Moodle Moodle 2.1.3 Moodle Moodle 2.1 |
| Not Vulnerable: |
Moodle Moodle 2.2.3 Moodle Moodle 2.1.6 |
Discussion
Moodle Multiple Information Disclosure and Security Bypass Vulnerabilities
Moodle is prone to multiple information-disclosure and security-bypass vulnerabilities.
An attacker may exploit these issues to obtain sensitive information and bypass certain security restrictions.
Moodle is prone to multiple information-disclosure and security-bypass vulnerabilities.
An attacker may exploit these issues to obtain sensitive information and bypass certain security restrictions.
Exploit / POC
Moodle Multiple Information Disclosure and Security Bypass Vulnerabilities
Attackers can exploit these issues using browser or readily available tools.
Attackers can exploit these issues using browser or readily available tools.
Solution / Fix
Moodle Multiple Information Disclosure and Security Bypass Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Moodle Multiple Information Disclosure and Security Bypass Vulnerabilities
References:
References:
- Moodle Homepage (Moodle)
- MSA-12-0024: Hidden information access issue (Moodle)
- MSA-12-0025: Personal communication access issue (Moodle)
- MSA-12-0026: Quiz capability issue (Moodle)
- MSA-12-0027: Question bank capability issues (Moodle)