CVE-2022-28986

Published: May 10, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.

Affected (1)

Products: Lmsdoctor: 2 Factor Authentication

1 product

2 Factor Authentication

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lmsdoctor 2 Factor Authentication	Version 2021072900

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (6)

Source: cve@mitre.org

Not Applicable

http://simple.com

Source: cve@mitre.org

Broken Link

https://github.com/FlaviuPopescu/CVE-2022-28986

Source: cve@mitre.org

ExploitThird Party Advisory

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://simple.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://github.com/FlaviuPopescu/CVE-2022-28986

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.