Permissions, Privileges, and Access Controls in Moodle - CVE-2012-5480

 


Published: November 21, 2012 / Updated: August 11, 2020


Vulnerability identifier: #VU43315
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-5480
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software: Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to bypass intended access restrictions.

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.


How to mitigate CVE-2012-5480

Install update from vendor's website.

Sources