CVE-2006-4940 Information

Description

login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.

Reference

http://docs.moodle.org/en/Release_notesMoodle_1.6.2