8 matches found
EUVD-2022-3806
Malicious code in bioql PyPI...
Moodle allows attackers to discover hidden course names
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
Course Name Disclosure
Moodle is vulnerable to course name disclosure. Authenticated attackers can leverage a flaw in admin/tool/monitor/lib.php to find hidden course names by subscribing to rules. These attacks are possible because moodle ignores the moodle/course:viewhiddencourses capability...
CVE-2016-2154
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
CVE-2016-2154
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
CVE-2016-2154
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
Design/Logic Flaw
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
CVE-2016-2154
Moodle’s Event Monitor (admin/tool/monitor/lib.php) in versions 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not honor moodle/course:viewhiddencourses, allowing remote authenticated users to discover hidden course names by subscribing to a rule. Impact is partial confident...