Information Disclosure
Moodle is vulnerable to information disclosure. The library functions coreenrolgetcourseenrolmentmethods and enrolselfgetinstanceinfo don't check course visibility permissions, allowing a malicious user to access hidden courses...