CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
Percentile
55.9%
The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.1.x prior to 2.1.6, or 2.2.x prior to 2.2.3 are exposed to the following vulnerabilities :
An information disclosure flaw that allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to “Enrolled users” under the Users Settings section. (MSA-12-0024 / CVE-2012-2353)
A flaw that may lead to an unauthorized information disclosure. The issue is triggered by an error in the ‘recent conversations’ functionality, which may allow a remote attacker to gain access to other user’s messages by manipulating URL parameters. (MSA-12-0025 / CVE-2012-2354)
A permissions flaw that is triggered when the ‘question:use’ permissions are not properly checked when adding questions to a quiz. This may allow an attacker to add arbitrary questions to a quiz. (MSA-12-0026 / CVE-2012-2355)
A flaw that is triggered by an error when handling access permissions in the question bank, which may allow a remote attacker to create arbitrary questions. (MSA-12-0027 / CVE-2012-2356)
A page in the CAS Authentication process was using an insecure HTTP URL that, apart from being insecure, sent the user in circles. (MSA-12-0028 / CVE-2012-2357)
A write access flaw that allows users to overwrite site-wide database activity presets created by other users. (MSA-12-0037 / CVE-2012-2366)
Binary data 8715.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2366
moodle.org/security
openwall.com/lists/oss-security/2012/05/23/2
www.nessus.org/u?9be67473
www.nessus.org/u?ae259627