Total vulnerabilities in the database
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
| Software | From | Fixed in |
|---|---|---|
| moodle / moodle | 2.7.1 | 2.7.1.x |
| moodle / moodle | 2.5.1 | 2.5.1.x |
| moodle / moodle | 2.6.10 | 2.6.10.x |
| moodle / moodle | 2.8.3 | 2.8.3.x |
| moodle / moodle | 2.5.3 | 2.5.3.x |
| moodle / moodle | 2.7.6 | 2.7.6.x |
| moodle / moodle | 2.5.7 | 2.5.7.x |
| moodle / moodle | 2.7.2 | 2.7.2.x |
| moodle / moodle | 2.6.7 | 2.6.7.x |
| moodle / moodle | 2.7.4 | 2.7.4.x |
| moodle / moodle | 2.5.5 | 2.5.5.x |
| moodle / moodle | 2.6.1 | 2.6.1.x |
| moodle / moodle | 2.5.2 | 2.5.2.x |
| moodle / moodle | 2.8.4 | 2.8.4.x |
| moodle / moodle | 2.5.8 | 2.5.8.x |
| moodle / moodle | 2.5.6 | 2.5.6.x |
| moodle / moodle | - | 2.5.9.x |
| moodle / moodle | 2.6.5 | 2.6.5.x |
| moodle / moodle | 2.7.5 | 2.7.5.x |
| moodle / moodle | 2.7.3 | 2.7.3.x |
| moodle / moodle | 2.6.2 | 2.6.2.x |
| moodle / moodle | 2.7.0 | 2.7.0.x |
| moodle / moodle | 2.6.8 | 2.6.8.x |
| moodle / moodle | 2.8.1 | 2.8.1.x |
| moodle / moodle | 2.6.4 | 2.6.4.x |
| moodle / moodle | 2.6.9 | 2.6.9.x |
| moodle / moodle | 2.8.5 | 2.8.5.x |
| moodle / moodle | 2.5.4 | 2.5.4.x |
| moodle / moodle | 2.6.3 | 2.6.3.x |
| moodle / moodle | 2.6.6 | 2.6.6.x |
| moodle / moodle | 2.8.2 | 2.8.2.x |
| moodle / moodle | 2.7.7 | 2.7.7.x |
| moodle / moodle | 2.5.0 | 2.5.0.x |
| moodle / moodle | 2.6.0 | 2.6.0.x |
| moodle / moodle | 2.8.0 | 2.8.0.x |