Ubuntu.comUB:CVE-2012-5480CVE-2012-5480
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS
Percentile
77.4%
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before
2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended
restrictions on reading other participants’ entries via an advanced search.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35558
openwall.com/lists/oss-security/2012/11/19/1
launchpad.net/bugs/cve/CVE-2012-5480
moodle.org/mod/forum/discuss.php?d=216160
nvd.nist.gov/vuln/detail/CVE-2012-5480
security-tracker.debian.org/tracker/CVE-2012-5480
www.cve.org/CVERecord?id=CVE-2012-5480
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS
Percentile
77.4%