CVE-2016-2158
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
| Software | From | Fixed in |
|---|---|---|
moodle / moodle
|
2.7.1 | 2.7.1.x |
|
moodle / moodle
|
2.8.3 | 2.8.3.x |
|
moodle / moodle
|
2.8.7 | 2.8.7.x |
|
moodle / moodle
|
2.7.6 | 2.7.6.x |
|
moodle / moodle
|
2.7.11 | 2.7.11.x |
|
moodle / moodle
|
2.7.2 | 2.7.2.x |
|
moodle / moodle
|
2.7.4 | 2.7.4.x |
|
moodle / moodle
|
2.9.4 | 2.9.4.x |
|
moodle / moodle
|
2.8.9 | 2.8.9.x |
|
moodle / moodle
|
2.7.9 | 2.7.9.x |
|
moodle / moodle
|
2.8.10 | 2.8.10.x |
|
moodle / moodle
|
2.8.4 | 2.8.4.x |
|
moodle / moodle
|
2.8.6 | 2.8.6.x |
|
moodle / moodle
|
3.0.2 | 3.0.2.x |
|
moodle / moodle
|
2.7.12 | 2.7.12.x |
|
moodle / moodle
|
- | 2.6.11.x |
|
moodle / moodle
|
2.7.10 | 2.7.10.x |
|
moodle / moodle
|
2.7.5 | 2.7.5.x |
|
moodle / moodle
|
3.0.1 | 3.0.1.x |
|
moodle / moodle
|
2.7.3 | 2.7.3.x |
|
moodle / moodle
|
2.8.8 | 2.8.8.x |
|
moodle / moodle
|
2.7.0 | 2.7.0.x |
|
moodle / moodle
|
3.0.0 | 3.0.0.x |
|
moodle / moodle
|
2.9.1 | 2.9.1.x |
|
moodle / moodle
|
2.8.1 | 2.8.1.x |
|
moodle / moodle
|
2.8.5 | 2.8.5.x |
|
moodle / moodle
|
2.9.2 | 2.9.2.x |
|
moodle / moodle
|
2.7.8 | 2.7.8.x |
|
moodle / moodle
|
2.9.3 | 2.9.3.x |
|
moodle / moodle
|
2.8.2 | 2.8.2.x |
|
moodle / moodle
|
2.7.7 | 2.7.7.x |
|
moodle / moodle
|
2.8.0 | 2.8.0.x |
|
moodle / moodle
|
2.9.0 | 2.9.0.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime