Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2006-4940

login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.

Published: Sep 23, 2006
Updated: Nov 9, 2025
CVE: CVE-2006-4940
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
moodle / moodle	-	1.6.1.x
moodle / moodle	1.6.0	1.6.0.x

http://docs.moodle.org/en/Release_notes#Moodle_1.6.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo