Description
Moodle 1.8.x and 1.9.x before 1.9.8 do not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
Remediation
References
Related Vulnerabilities
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-25277)
qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3882)
Ruby Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16255)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2202)
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)