Description
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooPay-Inicis Cross-Site Scripting (1.1.3)
WordPress Plugin Redirection Multiple Cross-Site Scripting Vulnerabilities (2.2.11)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0301)
WordPress Plugin Insert Pages Directory Traversal (3.2.3)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37148)