Description
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.
Remediation
References
Related Vulnerabilities
WordPress Plugin Commentator Cross-Site Scripting (2.5.2)
Jolokia Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0168)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.23)
Magento CVE-2020-9585 Vulnerability (CVE-2020-9585)
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2022-3754)