Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2012-4407 - Vulnerability Database
Moodle

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2012-4407

Medium
Reference: CVE-2012-4407
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-4407
Title: Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

lib/filelib.php in Moodle 2.1.x before 2.1.8 2.2.x before 2.2.5 and 2.3.x before 2.3.2 does not properly check the publication state of blog files which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file.