Information Disclosure

2017-07-0318:52:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

36.1%

JSON

Moodle is vulnerable to information disclosure. Authenticated users can obtain sensitive information through a request for all course feedback within a specific time frame. This can happen because mod/feedback/lib.php doesn’t check the mod/feedback:view before displaying recent feedback.