Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2016-2158 - Vulnerability Database
Moodle

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2016-2158

Medium
Reference: CVE-2016-2158
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-2158
Title: Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

lib/ajax/getnavbranch.php in Moodle through 2.6.11 2.7.x before 2.7.13 2.8.x before 2.8.11 2.9.x before 2.9.5 and 3.0.x before 3.0.3 when the forcelogin feature is enabled allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.