Moodle 2.9.x < 2.9.3 Security Bypass
Medium Nessus Network Monitor Plugin ID 9189
Synopsis: The remote web server is hosting a web application that is vulnerable to a security bypass attack vector.
Description: The version of Moodle, an open-source course management system, installed on the remote host is 2.9.x prior to 2.9.3. It is affected by a flaw in which the program fails to sufficiently check settings when messaging other users. This may allow an authenticated remote attacker to bypass a user's preference against receiving mail from non-contacts and send spam mail to that user when it should be blocked.
Solution: Upgrade to Moodle version 2.9.3 or later.