Description
The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll Unspecified Vulnerability (1.5.8.5)
XWiki Improper Authentication Vulnerability (CVE-2022-36092)
MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2009-2446)
WordPress Plugin Integration for Contact Form 7 and Salesforce Cross-Site Scripting (1.2.4)