The vulnerability stems from the code flow in login/confirm.php, where complete_user_login() was invoked unconditionally. The patch added a check of $user->suspended before this call. In vulnerable versions, the missing check meant a suspended user could log in once, during account confirmation. complete_user_login() itself is not inherently vulnerable; its insecure use in this context, without validating the account's suspension state, is what enabled the bypass.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 2.6.11 | 2.6.11 |
| moodle/moodle | composer | >= 2.7.0, < 2.7.8 | 2.7.8 |
| moodle/moodle | composer | >= 2.8.0, < 2.8.6 | 2.8.6 |
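The shape of the flaw and of the fix, as an added illustrative example that is not Moodle's own login/confirm.php: the user record, the stand-in complete_user_login() and the two confirm functions are assumptions constructed for this example, and only the $user->suspended check mirrors the patch described above.

```php
<?php
// Illustrative example, not Moodle's code. It models the confirmation flow
// with a constructed in-memory user record so it runs stand-alone.

// Stand-in for the real complete_user_login(): it establishes a session for
// $user and is not itself the problem; calling it unconditionally is.
function complete_user_login(stdClass $user): stdClass {
    $user->logged_in = true;
    return $user;
}

// Vulnerable shape: confirming the account always creates a session,
// so a user suspended before confirmation still gets logged in once.
function confirm_vulnerable(stdClass $user): stdClass {
    $user->confirmed = 1;
    return complete_user_login($user);
}

// Patched shape: the confirmation is still recorded, but no session is
// created for a suspended account; the caller should show a notice instead.
function confirm_patched(stdClass $user): stdClass {
    $user->confirmed = 1;
    if (!empty($user->suspended)) {
        return $user;
    }
    return complete_user_login($user);
}

// Constructed sample: an account an administrator suspended before the
// confirmation link was followed.
$user = (object) [
    'username'  => 'example',
    'confirmed' => 0,
    'suspended' => 1,
    'logged_in' => false,
];

$vulnerable = confirm_vulnerable(clone $user);
$patched    = confirm_patched(clone $user);

// The vulnerable path reports a session for the suspended user; the patched
// path records the confirmation without one.
printf("vulnerable: confirmed=%d logged_in=%s\n",
    $vulnerable->confirmed, var_export($vulnerable->logged_in, true));
printf("patched:    confirmed=%d logged_in=%s\n",
    $patched->confirmed, var_export($patched->logged_in, true));
```

The check belongs before any call that establishes a session, not after it; a suspension test that runs only on subsequent logins leaves exactly this one-time window open.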