5

CVE-2014-3546

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.

Data is provided by the National Vulnerability Database (NVD)
MoodleMoodle Version2.6.0
MoodleMoodle Version2.6.1
MoodleMoodle Version2.6.2
MoodleMoodle Version2.6.3
MoodleMoodle Version <= 2.3.11
MoodleMoodle Version2.3.0
MoodleMoodle Version2.3.1
MoodleMoodle Version2.3.2
MoodleMoodle Version2.3.3
MoodleMoodle Version2.3.4
MoodleMoodle Version2.3.5
MoodleMoodle Version2.3.6
MoodleMoodle Version2.3.7
MoodleMoodle Version2.3.8
MoodleMoodle Version2.3.9
MoodleMoodle Version2.3.10
MoodleMoodle Version2.5.0
MoodleMoodle Version2.5.1
MoodleMoodle Version2.5.2
MoodleMoodle Version2.5.3
MoodleMoodle Version2.5.4
MoodleMoodle Version2.5.5
MoodleMoodle Version2.5.6
MoodleMoodle Version2.7.0
MoodleMoodle Version2.4.0
MoodleMoodle Version2.4.1
MoodleMoodle Version2.4.2
MoodleMoodle Version2.4.3
MoodleMoodle Version2.4.4
MoodleMoodle Version2.4.5
MoodleMoodle Version2.4.6
MoodleMoodle Version2.4.7
MoodleMoodle Version2.4.8
MoodleMoodle Version2.4.9
MoodleMoodle Version2.4.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.28% 0.487
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N