Unrated severityNVD Advisory· Published Sep 23, 2006· Updated Jun 16, 2026

CVE-2006-4940

Description

login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.

Affected products

Moodle/Moodle3 versions
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=1.6.1
- cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*
- (no CPE)range: <1.6.2

Patches

Vulnerability mechanics

References

docs.moodle.org/en/Release_notesnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000