Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4279


Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4279
Last Modified 16 Jul 2012 09:23:50
Published 16 Jul 2012 06:28:36
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

Vulnerable Systems


  • Moodle 2.0

  • Moodle 2.0.1


MLIST - [oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update


CONFIRM -;a=commit;h=81b58cc227cf96a1cd2e002cc210b7b3e376fd17

Last Updated: 27 May 2016 10:44:48