The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126
moodle.org/mod/forum/discuss.php?d=194016
bugzilla.redhat.com/show_bug.cgi?id=783532
github.com/moodle/moodle
github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea
github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7
github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff
github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e
nvd.nist.gov/vuln/detail/CVE-2012-0797