4 matches found
Information Leakage
Moodle is vulnerable to information leakage. When RSS tokens are used to impersonate another user, rss/file.php shows an RSS feed error that shows block information of the impersonated user...
CVE-2013-2245
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed...
Code injection
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed...
CVE-2013-2245
CVE-2013-2245 affects Moodle up to 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1. The issue arises from improper RSS token handling for impersonation, allowing remote authenticated users to read an RSS feed and obtain sensitive block information. Conn...