Description
login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-2786 Vulnerability (CVE-2018-2786)
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.225)
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)
Undertow Missing Authorization Vulnerability (CVE-2019-10184)
WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Scripting (3.1.23)