Description

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

Remediation

References

CVE-2015-3179

Related Vulnerabilities

Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-29053)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5491)

WebLogic CVE-2020-2547 Vulnerability (CVE-2020-2547)

RubyGems Improper Input Validation Vulnerability (CVE-2017-0901)

WordPress 2.5 Cookie Integrity Protection Unauthorized Access Vulnerability (0.6.2 - 2.5)

Severity

Low

Classification

CVE-2015-3179 CWE-264

Tags

Missing Update Known Vulnerabilities