Eric Eakin

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.11 and earlier Moodle versions 2.7.x through 2.7.9 Moodle versions 2.8.x through 2.8.7 Moodle versions 2.9.x through 2.9.1 **Description** The issue is related to insufficient access control in the lesson module of Moodle, allowing remote authenticated users to bypass intended access restrictions. By leveraging the student role, attackers can enter additional answer attempts. **Recommendations** For Moodle versions 2.6.11 and earlier, update to version 2.6.12 or later. For Moodle versions 2.7.x through 2.7.9, update to version 2.7.10 or later. For Moodle versions 2.8.x through 2.8.7, update to version 2.8.8 or later. For Moodle versions 2.9.x through 2.9.1, update to version 2.9.2 or later.