Simple 2FA Plugin for Moodle Remote Phone Number Overwrite Vulnerability

CVE-2022-28601 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

A two-factor authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file, thereby allowing them to bypass the phone verification mechanism.