Description
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.
Exploits (1)
References (3)
Core 3
Core References
Broken Link x_refsource_misc
http://simple.com
Not Applicable x_refsource_misc
http://lms.com
Exploit, Third Party Advisory x_refsource_misc
https://github.com/FlaviuPopescu/CVE-2022-28986
Scores
CVSS v3
7.5
EPSS
0.0630
EPSS Percentile
91.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-639
Status
published
Products (1)
lmsdoctor/2_factor_authentication
2021072900
Published
May 10, 2022
Tracked Since
Feb 18, 2026