Federico Kirschbaum

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.6.11 Moodle versions prior to 2.7.8 Moodle versions prior to 2.8.6 Moodle version 2.5.9 **Description** The issue is related to the account-confirmation feature in the login/confirm.php component, which lacks protection of service data. This allows remote attackers to obtain sensitive full-name information by attempting to self-register. The vulnerability can be exploited by a remote attacker to gain access to user account data during self-registration attempts. **Recommendations** For versions prior to 2.6.11, update to version 2.6.11 or later. For versions prior to 2.7.8, update to version 2.7.8 or later. For versions prior to 2.8.6, update to version 2.8.6 or later. For version 2.5.9, update to a later version, as 2.5.9 is affected and no direct upgrade path to a fixed version is specified within the provided information.