lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-05-22T20:00:00
Updated: 2024-08-05T23:17:50.708Z
Reserved: 2016-01-29T00:00:00
Link: CVE-2016-2158
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-05-22T20:59:07.223
Modified: 2020-12-01T14:54:51.107
Link: CVE-2016-2158
Redhat
No data.