Description

login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.

Remediation

References

CVE-2006-4940

Related Vulnerabilities

jszip CVE-2021-23413 Vulnerability (CVE-2021-23413)

Moodle Other Vulnerability (CVE-2004-1425)

MySQL CVE-2022-21302 Vulnerability (CVE-2022-21302)

Jenkins Missing Authorization Vulnerability (CVE-2021-21688)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.9)

Severity

Medium

Classification

CVE-2006-4940

Tags

Missing Update Known Vulnerabilities