Description

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.

Remediation

References

CVE-2015-2272

Related Vulnerabilities

WordPress Plugin Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1725)

WordPress Plugin Terillion Reviews Profile Id Cross-Site Scripting (1.1)

XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)

WordPress Plugin Filter & Grids Local File Inclusion (2.8.32)

Severity

Medium

Classification

CVE-2015-2272 CWE-264

Tags

Missing Update Known Vulnerabilities