VIR Vulnerability Intelligence Relay

CVE-2014-7846

medium
Published 2014-11-24 · Modified 2024-12-07
CVSS v3
CVSS v2
4.0
VIR risk
4.0

Description

Moodle does not consider the moodle/tag:edit capability before adding a tag

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://moodle.org/mod/forum/discuss.php?d=275157

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965

Package impact
EcosystemPackageVulnerableFixed
php Packagistmoodle/moodle<2.5.92.5.9
php Packagistmoodle/moodle>=2.6.0,<2.6.62.6.6
php Packagistmoodle/moodle>=2.7.0,<2.7.32.7.3

Application impact
VendorProductVersionsFixed
moodlemoodle{"endIncluding":"2.4.11"}
moodlemoodle2.5.0
moodlemoodle2.5.1
moodlemoodle2.5.2
moodlemoodle2.5.3
moodlemoodle2.5.4
moodlemoodle2.5.5
moodlemoodle2.5.6
moodlemoodle2.5.7
moodlemoodle2.5.8
moodlemoodle2.6.0
moodlemoodle2.6.1
moodlemoodle2.6.2
moodlemoodle2.6.3
moodlemoodle2.6.4
moodlemoodle2.6.5
moodlemoodle2.7.0
moodlemoodle2.7.1
moodlemoodle2.7.2

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.