Description
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
Remediation
References