VIR Vulnerability Intelligence Relay

CVE-2014-9060

medium
Published 2014-11-24 · Modified 2024-12-08
CVSS v3
CVSS v2
5.0
VIR risk
5.0

Description

Moodle allows attackers to trigger the generation of arbitrary messages

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927

Package impact
EcosystemPackageVulnerableFixed
php Packagistmoodle/moodle<2.5.92.5.9
php Packagistmoodle/moodle>=2.6.0,<2.6.62.6.6
php Packagistmoodle/moodle>=2.7.0,<2.7.32.7.3

Application impact
VendorProductVersionsFixed
moodlemoodle{"endIncluding":"2.4.11"}
moodlemoodle2.5.0
moodlemoodle2.5.1
moodlemoodle2.5.2
moodlemoodle2.5.3
moodlemoodle2.5.4
moodlemoodle2.5.5
moodlemoodle2.5.6
moodlemoodle2.5.7
moodlemoodle2.5.8
moodlemoodle2.6.0
moodlemoodle2.6.1
moodlemoodle2.6.2
moodlemoodle2.6.3
moodlemoodle2.6.4
moodlemoodle2.6.5
moodlemoodle2.7.0
moodlemoodle2.7.1
moodlemoodle2.7.2

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.