CVE-2022-28601

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
lmsdoctor2_factor_authentication
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/FlaviuPopescu/CVE-2022-28601
https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle
https://github.com/FlaviuPopescu/CVE-2022-28601
https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle