Description

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

Remediation

References

CVE-2011-4287

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Privilege Escalation (2.0.50)

Serendipity Other Vulnerability (CVE-2004-2525)

Oracle Database Server CVE-2014-4237 Vulnerability (CVE-2014-4237)

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6908)

WordPress Plugin YITH Product Size Charts for WooCommerce Security Bypass (1.1.11)

Severity

Medium

Classification

CVE-2011-4287 CWE-264

Tags

Missing Update Known Vulnerabilities