lib/ajax/getnavbranch.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.13, 2.8.x prior to 2.8.11, 2.9.x prior to 2.9.5, and 3.0.x prior to 3.0.3, when the forcelogin feature is enabled, allows remote malicious users to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
moodle moodle 2.9.0 |
||
moodle moodle 2.8.10 |
||
moodle moodle 2.8.3 |
||
moodle moodle 2.8.2 |
||
moodle moodle 2.7.6 |
||
moodle moodle 2.7.5 |
||
moodle moodle |
||
moodle moodle 3.0.0 |
||
moodle moodle 2.9.4 |
||
moodle moodle 2.9.3 |
||
moodle moodle 2.8.7 |
||
moodle moodle 2.8.6 |
||
moodle moodle 2.7.12 |
||
moodle moodle 2.7.9 |
||
moodle moodle 2.7.2 |
||
moodle moodle 2.7.11 |
||
moodle moodle 2.7.10 |
||
moodle moodle 3.0.2 |
||
moodle moodle 3.0.1 |
||
moodle moodle 2.8.9 |
||
moodle moodle 2.8.8 |
||
moodle moodle 2.8.1 |
||
moodle moodle 2.8.0 |
||
moodle moodle 2.7.4 |
||
moodle moodle 2.7.3 |
||
moodle moodle 2.9.2 |
||
moodle moodle 2.9.1 |
||
moodle moodle 2.8.5 |
||
moodle moodle 2.8.4 |
||
moodle moodle 2.7.8 |
||
moodle moodle 2.7.7 |
||
moodle moodle 2.7.1 |
||
moodle moodle 2.7.0 |
Vulmon