← back
CVE-2015-3179

CVE-2015-3179

EPSS 1.5%
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090http://openwall.com/lists/oss-security/2015/05/18/1https://moodle.org/mod/forum/discuss.php?d=313686http://www.securityfocus.com/bid/74725http://www.securitytracker.com/id/1032358