CVE-2013-1835

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.

Published: Mar 25, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-1835
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
moodle / moodle	2.0.2	2.0.2.x
moodle / moodle	2.0.1	2.0.1.x
moodle / moodle	2.1.2	2.1.2.x
moodle / moodle	2.0.4	2.0.4.x
moodle / moodle	2.1.10	2.1.10.x
moodle / moodle	2.1.8	2.1.8.x
moodle / moodle	2.1.9	2.1.9.x
moodle / moodle	2.0.3	2.0.3.x
moodle / moodle	2.1.1	2.1.1.x
moodle / moodle	2.1.5	2.1.5.x
moodle / moodle	2.1.6	2.1.6.x
moodle / moodle	2.0.6	2.0.6.x
moodle / moodle	2.0.5	2.0.5.x
moodle / moodle	2.1.3	2.1.3.x
moodle / moodle	2.0.9	2.0.9.x
moodle / moodle	2.0.8	2.0.8.x
moodle / moodle	2.1.7	2.1.7.x
moodle / moodle	2.0.7	2.0.7.x
moodle / moodle	2.1.4	2.1.4.x
moodle / moodle	2.0.0	2.0.0.x
moodle / moodle	2.1.0	2.1.0.x
moodle / moodle	2.2.2	2.2.2.x
moodle / moodle	2.2.6	2.2.6.x
moodle / moodle	2.2.1	2.2.1.x
moodle / moodle	2.2.7	2.2.7.x
moodle / moodle	2.2.3	2.2.3.x
moodle / moodle	2.2.5	2.2.5.x
moodle / moodle	2.2.4	2.2.4.x
moodle / moodle	2.2.0	2.2.0.x
moodle / moodle	2.3.4	2.3.4.x
moodle / moodle	2.3.1	2.3.1.x
moodle / moodle	2.3.3	2.3.3.x
moodle / moodle	2.3.2	2.3.2.x
moodle / moodle	2.3.0	2.3.0.x
moodle / moodle	2.4.1	2.4.1.x
moodle / moodle	2.4.0	2.4.0.x

Vulnerability Database

314,343

CVE-2013-1835

Deep Security Visibility Without the Complexity