Description
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Remediation
References
Related Vulnerabilities
WordPress Other Vulnerability (CVE-2006-6016)
WordPress Plugin Calendar Event Multi View SQL Injection (1.01)
Moodle Incorrect Authorization Vulnerability (CVE-2022-0984)
WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.10.1)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15732)