Vulnerability Details CVE-2022-28601
A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2022-28601
-
cpe:2.3:a:lmsdoctor:2_factor_authentication:-