BIT-MOODLE-2025-3634 Moodle: moodle allows course self-enrolment before completing mfa

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

Moodle self enrollment available before completing second factor with MFA enabled

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

Improper Authentication

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to improper enforcement of multi-factor authentication during the self-enrollment process. An attacker can bypass the intended security controls by exploiting this weakne...

GHSA-QHC7-XHC2-7P7W Moodle self enrollment available before completing second factor with MFA enabled

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes...

Privilege Escalation

Moodle is vulnerable to privilege escalation attacks. The attacks are possible due to a flaw in the self-enrollment functionality. The flaw allows an authenticated user to leverage a role from teacher to manager level without authorization...

CVE-2012-0798

The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role...