Security Advisory
CVE-2011-4288
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.