GHSA-C3VX-V4X8-X894 Moodle does not check for the moodle/course:viewhiddencourses capability

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

Moodle does not check for the moodle/course:viewhiddencourses capability

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

CVE-2014-0217

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

CVE-2014-0217

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

CVE-2014-0217

The CVE-2014-0217 entry concerns Moodle 2.6.x (before 2.6.3) where enrol/index.php fails to verify the moodle/course:viewhiddencourses capability before listing hidden courses. This allows remote attackers, leveraging the guest role, to disclose sensitive course names and summaries by visiting a ...