Moodle is vulnerable to information disclosure. The attack exists because notes/index.php
and user/edit.php
does not check for permission for access to certain pages. This allows a malicious user to obtain sensitive information such as account username and course information through a modified URL.