VIR Vulnerability Intelligence Relay

CVE-2014-9059

medium
Published 2014-11-24 · Modified 2024-12-08
CVSS v3
CVSS v2
4.3
VIR risk
4.3

Description

Moodle does not provide charset information in HTTP headers

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://moodle.org/mod/forum/discuss.php?d=275146

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966

Package impact
EcosystemPackageVulnerableFixed
php Packagistmoodle/moodle<2.5.92.5.9
php Packagistmoodle/moodle>=2.6.0,<2.6.62.6.6
php Packagistmoodle/moodle>=2.7.0,<2.7.32.7.3

Application impact
VendorProductVersionsFixed
moodlemoodle{"endIncluding":"2.4.11"}
moodlemoodle2.5.0
moodlemoodle2.5.1
moodlemoodle2.5.2
moodlemoodle2.5.3
moodlemoodle2.5.4
moodlemoodle2.5.5
moodlemoodle2.5.6
moodlemoodle2.5.7
moodlemoodle2.5.8
moodlemoodle2.6.0
moodlemoodle2.6.1
moodlemoodle2.6.2
moodlemoodle2.6.3
moodlemoodle2.6.4
moodlemoodle2.6.5
moodlemoodle2.7.0
moodlemoodle2.7.1
moodlemoodle2.7.2

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.