Description

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

Remediation

References

CVE-2010-1613

Related Vulnerabilities

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0327)

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.0)

Oracle Database Server CVE-2014-6563 Vulnerability (CVE-2014-6563)

WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Multiple Cross-Site Request Forgery Vulnerabilities (1.1.4)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3240)

Severity

Medium

Classification

CVE-2010-1613 CWE-287

Tags

Missing Update Known Vulnerabilities