Bypassing Participant Entry Restrictions in Moodle Database Activity Module

Bypassing Participant Entry Restrictions in Moodle Database Activity Module

CVE-2012-5480 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.

Learn more about our Web Application Penetration Testing UK.