exploitDog

CVE-2022-28601

Опубликовано: 10 мая 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.

Ссылки

https://github.com/FlaviuPopescu/CVE-2022-28601
Exploit
Third Party Advisory
https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle
Product
https://github.com/FlaviuPopescu/CVE-2022-28601
Exploit
Third Party Advisory
https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lmsdoctor:2_factor_authentication:-:*:*:*:*:moodle:*:*

EPSS

Процентиль: 90%

0.05579

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-pghm-m86j-5288

CVSS3: 6.5

github

больше 3 лет назад

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.

EPSS

Процентиль: 90%

0.05579

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863