Information Disclosure Vulnerability in Moodle

Information Disclosure Vulnerability in Moodle

CVE-2016-2190 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.

Learn more about our Web Application Penetration Testing UK.