Search for vulnerabilities
| Vulnerability ID | VCID-jmkp-5gsj-vfg7 |
| Aliases |
CVE-2011-4287
GHSA-j3x5-cwfj-pfcw |
| Summary | Moodle does not force password changes for autosubscribed users admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | MODERATE | http://git.moodle.org |
| generic_textual | MODERATE | http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=22a77963439e00441949440f0517135b3a5418da |
| generic_textual | MODERATE | http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da |
| generic_textual | MODERATE | http://moodle.org/mod/forum/discuss.php?d=175588 |
| generic_textual | MODERATE | http://openwall.com/lists/oss-security/2011/11/14/1 |
| epss | 0.00485 | https://api.first.org/data/v1/epss?cve=CVE-2011-4287 |
| epss | 0.00485 | https://api.first.org/data/v1/epss?cve=CVE-2011-4287 |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-j3x5-cwfj-pfcw |
| generic_textual | MODERATE | https://nvd.nist.gov/vuln/detail/CVE-2011-4287 |
| Percentile | 0.64335 |
| EPSS Score | 0.00485 |
| Published At | June 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-01T12:30:50.261633+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j3x5-cwfj-pfcw/GHSA-j3x5-cwfj-pfcw.json | 36.1.3 |