Description

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

Remediation

References

CVE-2015-3179

Related Vulnerabilities

OpenSSL Resource Management Errors Vulnerability (CVE-2012-0050)

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-35030)

WordPress Other Vulnerability (CVE-2016-2221)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2609)

Oracle JRE CVE-2018-2581 Vulnerability (CVE-2018-2581)

Severity

Low

Classification

CVE-2015-3179 CWE-264

Tags

Missing Update Known Vulnerabilities