CVE-2010-1613
Description
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the Regenerate session id during login setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
0.447
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update moodle 1.9.7 to latest version | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234