Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2014-7833 - Vulnerability Database
Moodle

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2014-7833

Medium
Reference: CVE-2014-7833
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-7833
Title: Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

mod/data/edit.php in Moodle through 2.4.11 2.5.x before 2.5.9 2.6.x before 2.6.6 and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.