Description
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shopello API Cross-Site Scripting (2.9.0)
Oracle JRE CVE-2022-21341 Vulnerability (CVE-2022-21341)
WordPress Plugin WP Lead Management Cross-Site Scripting (3.0.0)
WordPress Plugin MapSVG Lite Cross-Site Request Forgery (4.2.4)
Jboss EAP Cryptographic Issues Vulnerability (CVE-2013-1921)