Description

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

Remediation

References

CVE-2011-4287

Related Vulnerabilities

Oracle JRE CVE-2014-2413 Vulnerability (CVE-2014-2413)

WordPress Plugin Custom Content Type Manager 'upload_form.php' Arbitrary File Upload (0.9.5.13)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-41414)

WordPress Plugin Rotating Testimonial Cross-Site Scripting (1.1)

Squid Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-46846)

Severity

Medium

Classification

CVE-2011-4287 CWE-264

Tags

Missing Update Known Vulnerabilities