Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2011-4300

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.

Published: Jul 11, 2012
Updated: Nov 9, 2025
CVE: CVE-2011-4300
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
moodle / moodle	2.0.2	2.0.2.x
moodle / moodle	2.0.1	2.0.1.x
moodle / moodle	2.0.4	2.0.4.x
moodle / moodle	2.0.3	2.0.3.x
moodle / moodle	2.1.1	2.1.1.x
moodle / moodle	2.0.0	2.0.0.x
moodle / moodle	2.1.0	2.1.0.x

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00
http://moodle.org/mod/forum/discuss.php?d=188311
https://bugzilla.redhat.com/show_bug.cgi?id=747444

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo