Description
Moodle 1.8.x and 1.9.x before 1.9.8 do not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
Remediation
References