WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Credentials Management Errors Vulnerability (CVE-2011-4587)

Description

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

Remediation

References

Related Vulnerabilities

WordPress Plugin Interactive Geo Maps Cross-Site Scripting (1.5.8)

WordPress Plugin 3D Product configurator for WooCommerce Arbitrary File Upload (1.5.531)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)

WordPress Plugin Check & Log Email Cross-Site Scripting (1.0.3)

Microsoft SQL Server Elevation of Privilege Vulnerability (CVE-2021-1636)

Severity

Medium

Classification

Tags

Missing Update Known Vulnerabilities