CVE-2010-1613: Moodle Session Fixation vulnerability

May 13, 2022 (updated October 31, 2025)

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the “Regenerate session id during login” setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

References

github.com/advisories/GHSA-j5rc-cr5w-vfg6
github.com/moodle/moodle
nvd.nist.gov/vuln/detail/CVE-2010-1613

Code Behaviors & Features

Detect and mitigate CVE-2010-1613 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →