Description

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

Remediation

References

CVE-2011-4287

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11619)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0837)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2024-1635)

MySQL CVE-2022-21289 Vulnerability (CVE-2022-21289)

WordPress Plugin Comment Attachment Cross-Site Scripting (1.5.5)

Severity

Medium

Classification

CVE-2011-4287 CWE-264

Tags

Missing Update Known Vulnerabilities