Description
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.
Remediation
References