The file_browser
component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.
git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00
git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00
moodle.org/mod/forum/discuss.php?d=188311
bugzilla.redhat.com/show_bug.cgi?id=747444
github.com/moodle/moodle
github.com/moodle/moodle/commit/6f7c43c7de8f62cd53a7f3b54ad5325cd109c1be
github.com/moodle/moodle/commit/81c77993e3808bba68fe24d6bfbac19a41679a6f
github.com/moodle/moodle/commit/f6b07c4da54a9db24723beb147e8a19a3d487e00
nvd.nist.gov/vuln/detail/CVE-2011-4300