| Topic: | accessible profiles of deleted users |
| Severity: | Major |
| Versions affected: | <1.6.7, <1.7.5, <1.8.6, <1.9.2 |
| Reported by: | Debbie McDonald and Mauno Korpelainen |
| Issue no.: | MDL-15516 |
| Solution: | upgrade to 1.6.7, 1.7.5, 1.8.6, 1.9.2 or any recent nightly or use patch http://cvs.moodle.org/moodle/user/view.php?r1=1.123.2.8&r2=1.123.2.9 |
Description:
Profiles of deleted users were accessible which allowed spammers to abuse user profiles on some sites. Also please make sure that you have "Force users to login for profiles" set as enabled in admin settings if your site allows registering of new users.