CVE-2006-4940
Moodle < 1.6.2 - Information Disclosure via Forgot Password Find Action
Title source: llmDescription
login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
http://docs.moodle.org/en/Release_notes#Moodle_1.6.2
Scores
EPSS
0.0035
EPSS Percentile
57.3%
Details
Status
published
Products (2)
moodle/moodle
1.6.0
moodle/moodle
< 1.6.1
Published
Sep 23, 2006
Tracked Since
Feb 18, 2026