CVE-2014-7836

medium

Published 2014-11-24 · Modified 2024-12-07

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://moodle.org/mod/forum/discuss.php?d=275162

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924

Ecosystem	Package	Vulnerable	Fixed
Packagist	moodle/moodle	`<2.5.9`	`2.5.9`
Packagist	moodle/moodle	`>=2.6.0,<2.6.6`	`2.6.6`
Packagist	moodle/moodle	`>=2.7.0,<2.7.3`	`2.7.3`

Vendor	Product	Versions
moodle	moodle	`{"endIncluding":"2.4.11"}`
moodle	moodle	`2.5.0`
moodle	moodle	`2.5.1`
moodle	moodle	`2.5.2`
moodle	moodle	`2.5.3`
moodle	moodle	`2.5.4`
moodle	moodle	`2.5.5`
moodle	moodle	`2.5.6`
moodle	moodle	`2.5.7`
moodle	moodle	`2.5.8`
moodle	moodle	`2.6.0`
moodle	moodle	`2.6.1`
moodle	moodle	`2.6.2`
moodle	moodle	`2.6.3`
moodle	moodle	`2.6.4`
moodle	moodle	`2.6.5`
moodle	moodle	`2.7.0`
moodle	moodle	`2.7.1`
moodle	moodle	`2.7.2`

CWE-352

Verify integrity in audit chain (admin only). AS-IS.