Description
A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file, thereby allowing them to bypass the phone verification mechanism.
Exploits (1)
References (2)
Core References
Product x_refsource_misc
https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle
Exploit, Third Party Advisory x_refsource_misc
https://github.com/FlaviuPopescu/CVE-2022-28601
Scores
CVSS v3
6.5
EPSS
0.0558
EPSS Percentile
90.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-863
Status
published
Products (1)
lmsdoctor/2_factor_authentication
Published
May 10, 2022
Tracked Since
Feb 18, 2026