Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5480

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2012-5480
Last Modified 20 Jun 2013 11:14:50
Published 21 Nov 2012 07:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5480

Summary

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.

Vulnerable Systems

Application

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.2

  • Moodle 2.1.3

  • Moodle 2.1.4

  • Moodle 2.1.5

  • Moodle 2.1.6

  • Moodle 2.1.7

  • Moodle 2.1.8

  • Moodle 2.2

  • Moodle 2.2.1

  • Moodle 2.2.2

  • Moodle 2.2.3

  • Moodle 2.2.4

  • Moodle 2.2.5

  • Moodle 2.3

  • Moodle 2.3.1

  • Moodle 2.3.2


References

CONFIRM - https://moodle.org/mod/forum/discuss.php?d=216160

MLIST - [oss-security] 20121119 Moodle security notifications public

CONFIRM - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35558

BID - 56505


Last Updated: 27 May 2016 10:40:46