6.8
CVE-2011-4287
- EPSS 2.07%
- Veröffentlicht 16.07.2012 10:28:36
- Zuletzt bearbeitet 16.06.2026 23:34:42
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.07% | 0.789 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://openwall.com/lists/oss-security/2011/11/14/1
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=22a77963439e00441949440f0517135b3a5418da
http://moodle.org/mod/forum/discuss.php?d=175588