Main Vulnerability Database Vulnerabilities #VU39807

#VU39807 Information disclosure in Moodle - CVE-2016-5014

Published: January 20, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39807

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-5014

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

Install update from vendor's website.