Description
login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.
Remediation
References
Related Vulnerabilities
WordPress Plugin User Meta 'uploader.php' Arbitrary File Upload (1.1.1)
SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-8580)
WordPress Plugin WP Google Maps Cross-Site Scripting (7.11.34)
TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-36104)
WordPress Plugin WordPress Books Gallery Security Bypass (3.5)