3 matches found
GHSA-JQ7X-GM9R-V8M7 Moodle allows attackers to obtain sensitive information
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher...
Information Disclosure
Moodle is vulnerable to information disclosures. The application sets certain group IDs to 0 upon a database-entry change, allowing a malicious user to view group-level entries after being edited by a user with a teacher role...
CVE-2014-7833
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher...