3 matches found
Moodle 2.7.x < 2.7.3 Information Disclosure
Binary data 8718.prm...
CVE-2014-7831
lib/classes/gradesexternal.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the getgrades web service...
CVE-2014-7831
Moodle 2.7.x before 2.7.3 exposes hidden grades via lib/classes/grades_external.php because it does not enforce moodle/grade:viewhidden before displaying grades. This affects remote authenticated users (e.g., students) who can access hidden grades through the get_grades web service. The vulnerabi...