User E-mail Address Disclosure in Moodle Messaging Interface

CVE-2011-4593 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.

Learn more about our User Device Pen Test.