Arbitrary Message Reading Vulnerability in Moodle 2.1.x and 2.2.x

Arbitrary Message Reading Vulnerability in Moodle 2.1.x and 2.2.x

CVE-2012-2354 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.

Learn more about our User Device Pen Test.