Description
The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.
Remediation
References
Related Vulnerabilities
JBoss Application Server Improper Privilege Management Vulnerability (CVE-2012-2312)
Django Improper Input Validation Vulnerability (CVE-2019-3498)
MySQL CVE-2018-2767 Vulnerability (CVE-2018-2767)
Oracle JRE CVE-2012-5076 Vulnerability (CVE-2012-5076)
WordPress Plugin Stockdio Historical Chart Cross-Site Scripting (2.7.2)