CVE Vulnerabilities

CVE-2012-3390

Published: Jul 23, 2012 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 2.2.2 2.2.2
Moodle Moodle 2.1.2 2.1.2
Moodle Moodle 2.1.1 2.1.1
Moodle Moodle 2.1.5 2.1.5
Moodle Moodle 2.1.6 2.1.6
Moodle Moodle 2.1.3 2.1.3
Moodle Moodle 2.2.1 2.2.1
Moodle Moodle 2.2.3 2.2.3
Moodle Moodle 2.1.4 2.1.4
Moodle Moodle 2.1.0 2.1.0
Moodle Moodle 2.2.0 2.2.0

References