Pavel Sokolov

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.9.x through 2.9.2 **Description** The issue is related to errors in checking the contact list, allowing a remote attacker to bypass existing access restrictions and conduct spam attacks. The messaging API is affected, enabling remote authenticated users to exploit this issue. **Recommendations** For Moodle versions 2.9.x through 2.9.2, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the messaging API to minimize the risk of exploitation.