lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-05-22T20:00:00

Updated: 2024-08-05T23:17:50.708Z

Reserved: 2016-01-29T00:00:00

Link: CVE-2016-2158

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-05-22T20:59:07.223

Modified: 2020-12-01T14:54:51.107

Link: CVE-2016-2158

cve-icon Redhat

No data.