Description
The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.
Remediation
References
Related Vulnerabilities
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7983)
WordPress Improper Input Validation Vulnerability (CVE-2013-4339)
WordPress Plugin Photoracer 'id' Parameter SQL Injection (1.0)
Oracle HTTP Server CVE-2021-25219 Vulnerability (CVE-2021-25219)
WordPress Plugin WP Security Safe Cross-Site Request Forgery (2.2.2)