CVE-2012-5480 : The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote atta

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.

Published 2012-11-21 12:55:03

Updated 2020-12-01 14:52:18

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-5480

Probability of exploitation activity in the next 30 days: 0.54%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-5480

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-5480

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-5480

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35558

Official Moodle git projects - moodle.git/search
http://www.securityfocus.com/bid/56505

Moodle Multiple Security Vulnerabilities

CVEs referencing this url
https://moodle.org/mod/forum/discuss.php?d=216160

Moodle.org: MSA-12-0062: Information leak in Database activity module
Vendor Advisory
http://openwall.com/lists/oss-security/2012/11/19/1

oss-security - Moodle security notifications public

CVEs referencing this url

Products affected by CVE-2012-5480

Moodle » Moodle » Version: 2.2.0
cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.0
cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.1
cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.2
cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.3
cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.5
cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.4
cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.2.1
cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.2.2
cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.3.0
cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.2.3
cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.6
cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.2.4
cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.3.1
cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.7
cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.1.8
cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.2.5
cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
Matching versions
Moodle » Moodle » Version: 2.3.2
cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-5480

Exploit prediction scoring system (EPSS) score for CVE-2012-5480

CVSS scores for CVE-2012-5480

CWE ids for CVE-2012-5480

References for CVE-2012-5480

Products affected by CVE-2012-5480