Description
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
Remediation
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2007-3856)
MediaWiki Incorrect Authorization Vulnerability (CVE-2021-36132)
WordPress Plugin Catch Themes Demo Import Unspecified Vulnerability (1.8)
WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.3)
WordPress Plugin Easy Redirect Manager Cross-Site Scripting (2.18.18)