VYPR
Unrated severityNVD Advisory· Published Jul 21, 2012· Updated Jun 16, 2026

CVE-2012-2354

CVE-2012-2354

Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • Moodle/Moodle10 versions
    cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
    • (no CPE)range: >=2.1.0, <2.1.6 or >=2.2.0, <2.2.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.