Inadequate Association Implementation in Moodle Allows Unauthorized Access to Quiz Reports

Inadequate Association Implementation in Moodle Allows Unauthorized Access to Quiz Reports

CVE-2011-4288 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

Learn more about our User Device Pen Test.