Description
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
Remediation
References
Related Vulnerabilities
Microsoft SQL Server Other Vulnerability (CVE-2001-0344)
WordPress Plugin CheetahO Image Compression and Optimizer Unspecified Vulnerability (1.4.2.1)
WordPress Plugin VKontakte API Cross-Site Scripting (2.7)
WordPress 3.8.3 Multiple Vulnerabilities (3.8 - 3.8.3)
Oracle Database Server CVE-2014-6537 Vulnerability (CVE-2014-6537)