Vulnerabilities > Lmsdoctor

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-10	CVE-2022-28601	Incorrect Authorization vulnerability in Lmsdoctor 2 Factor Authentication A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. network low complexity lmsdoctor CWE-863	4.0
2022-05-10	CVE-2022-28986	Authorization Bypass Through User-Controlled Key vulnerability in Lmsdoctor 2 Factor Authentication 2021072900 LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts. network low complexity lmsdoctor CWE-639	5.0

Vulnerabilities > Lmsdoctor {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Lmsdoctor"}]}