CVE-2022-28601

MEDIUM

Simple 2FA Plugin for Moodle - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-28601. PoCs published by FlaviuPopescu.

AI-analyzed exploit summary: The repository describes a 2FA bypass vulnerability in the Simple 2FA Plugin for Moodle, where an attacker can overwrite the phone number associated with an account to intercept 2FA codes. The PoC involves force-browsing to a specific URL to update the phone number without providing the 2FA code.

Description

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file, which lets them bypass the phone verification mechanism: once the number on file is replaced, the confirmation codes are delivered to the attacker instead of the account owner.
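As an added illustration (this is not the plugin's code and not the PoC from the repository linked below): a minimal Python model of the authorization mistake the description points at, CWE-863. The vulnerable handler checks only that a password session exists and lets the 2FA phone number be overwritten, so an attacker who knows the password but is stuck at the 2FA prompt can redirect the next code to a number they control. The hardened handler requires the second factor to have been completed and requires proof of control of the number currently on file (a single-use code delivered to the old number) before changing it. All names (Account, Session, update_phone_*, the sample phone numbers) are assumptions made for this example, and the SMS gateway is a list that merely records what would have been sent.

```python
"""
Illustrative model of a 2FA phone-number overwrite (CWE-863) and a hardened
handler. Added example only: not the Moodle plugin's code. Every name and
number below is an assumption made for the illustration.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Account:
    username: str
    phone: str                              # number that receives 2FA codes
    pending_code: Optional[str] = None      # code last issued, or None
    pending_phone: Optional[str] = None     # number that code was sent to


@dataclass
class Session:
    account: Account
    password_ok: bool = False   # first factor completed
    mfa_ok: bool = False        # second factor completed


# Stand-in for an SMS gateway: records (destination, code) instead of sending.
sent_messages: List[Tuple[str, str]] = []


def send_code(acct: Account) -> str:
    """Issue a 6-digit code to the phone currently on file and bind it to that number."""
    code = f"{secrets.randbelow(10 ** 6):06d}"
    acct.pending_code = code
    acct.pending_phone = acct.phone
    sent_messages.append((acct.phone, code))
    return code


def verify_code(acct: Account, code: str) -> bool:
    """Single-use, constant-time check; only valid for the number it was sent to."""
    ok = (acct.pending_code is not None
          and acct.pending_phone == acct.phone
          and hmac.compare_digest(acct.pending_code, code))
    acct.pending_code = None        # consume the code whether or not it matched
    acct.pending_phone = None
    return ok


def update_phone_vulnerable(sess: Session, new_phone: str) -> bool:
    """Only the first factor is checked: a half-authenticated session can redirect codes."""
    if not sess.password_ok:
        return False
    sess.account.phone = new_phone
    return True


def update_phone_hardened(sess: Session, new_phone: str, code: str) -> bool:
    """Require both factors and a fresh code delivered to the *current* number."""
    if not (sess.password_ok and sess.mfa_ok):
        return False
    if not verify_code(sess.account, code):
        return False
    sess.account.phone = new_phone
    return True


def run_scenario() -> Dict[str, object]:
    """Same attacker position (password known, 2FA not passed) against both handlers."""
    attacker_phone = "+15559999999"          # constructed sample number

    # Vulnerable deployment: the overwrite succeeds and the login code goes to the attacker.
    v_acct = Account("victim", "+15550000001")
    v_sess = Session(v_acct, password_ok=True)
    v_ok = update_phone_vulnerable(v_sess, attacker_phone)
    send_code(v_acct)
    v_code_sent_to = sent_messages[-1][0]

    # Hardened deployment: rejected before any state changes; code still goes to the owner.
    h_acct = Account("victim", "+15550000001")
    h_sess = Session(h_acct, password_ok=True)
    h_ok = update_phone_hardened(h_sess, attacker_phone, "000000")
    send_code(h_acct)
    h_code_sent_to = sent_messages[-1][0]

    # Legitimate change: fully authenticated, proves control of the old number, code is single-use.
    h_sess.mfa_ok = True
    legit_code = send_code(h_acct)
    legit_ok = update_phone_hardened(h_sess, "+15550000002", legit_code)
    replay_ok = update_phone_hardened(h_sess, "+15550000003", legit_code)

    return {
        "vulnerable_accepted": v_ok,
        "vulnerable_code_sent_to": v_code_sent_to,
        "hardened_accepted": h_ok,
        "hardened_code_sent_to": h_code_sent_to,
        "legit_change_ok": legit_ok,
        "legit_new_phone": h_acct.phone,
        "replay_accepted": replay_ok,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The design point is the binding of the verification code to the number it was sent to and to a completed second-factor state: a profile page that trusts a password-only session for a security-sensitive attribute is exactly the force-browse path the PoC uses. A real deployment also needs a separate, separately verified recovery flow for users who have lost access to the old number; that is not modelled here.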

Exploits (1)

nomisec WRITEUP 8 stars
by FlaviuPopescu · poc
https://github.com/FlaviuPopescu/CVE-2022-28601


Classification: Writeup (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Simple 2FA Plugin for Moodle by LMS Doctor
Auth required: yes
Prerequisites: Access to a valid account username and password · Ability to intercept or force-browse to specific URLs
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core References
https://github.com/FlaviuPopescu/CVE-2022-28601 (Exploit, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3 base score: 6.5 (Medium)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector: Network
EPSS: 0.0165 (1.65%)
EPSS Percentile: 73.5%

Details

CWE: CWE-863 (Incorrect Authorization)
Status: published
Products (1): lmsdoctor/2_factor_authentication
Published: May 10, 2022
Tracked Since: Feb 18, 2026