Vulnerability Database

290,922

Total vulnerabilities in the database

CVE-2014-0217

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL.

  • Published: May 27, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-0217
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
moodle / moodle 2.6.1 2.6.1.x
moodle / moodle 2.6.2 2.6.2.x
moodle / moodle 2.6.0 2.6.0.x