Vulnerabilities > Moodle > Moodle > 2.1.7

DATE CVE VULNERABILITY TITLE RISK
2012-09-19 CVE-2012-4408 Permissions, Privileges, and Access Controls vulnerability in Moodle
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
network
low complexity
moodle CWE-264
5.5
5.5
2012-09-19 CVE-2012-4407 Information Exposure vulnerability in Moodle
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file.
network
low complexity
moodle CWE-200
5.0
5.0
2012-09-19 CVE-2012-4402 Permissions, Privileges, and Access Controls vulnerability in Moodle
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.
network
moodle CWE-264
4.9
4.9