BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Moodle URL Manipulation Remote Account Information Disclosure Apr 04 2017 09:21AM
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-in
formation-disclosure.html

Date:
04-Apr-2017

Product:
Moodle

Versions affected:
2.4.10, 2.5.6, 2.6.3, 2.7 and earlier.

Vulnerability:
Information disclosure.

Example:
/user/edit.php?id= reveals account owner name

1. Log in ...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus