Bypassing Login Restrictions in Moodle through Unconfirmed Suspended Account

CVE-2015-3179 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

Learn more about our User Device Pen Test.