Description
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
Remediation
References
Related Vulnerabilities
phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-2719)
Chamilo Improper Privilege Management Vulnerability (CVE-2022-27421)
MySQL CVE-2012-3166 Vulnerability (CVE-2012-3166)
WebLogic CVE-2023-21979 Vulnerability (CVE-2023-21979)
WordPress Plugin NextGEN Gallery-WordPress Gallery Arbitrary File Upload (1.9.12)