Description
When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Remediation
References
Related Vulnerabilities
Atlassian Jira Improper Authentication Vulnerability (CVE-2022-0540)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5900)
Oracle Database Server Other Vulnerability (CVE-2007-3856)
WordPress Plugin Visualizer:Tables and Charts Manager for WordPress Cross-Site Scripting (3.9.1)