VIR Vulnerability Intelligence Relay

CVE-2015-0214

medium
Published 2015-06-01 · Modified 2024-12-08
CVSS v3
CVSS v2
4.0
VIR risk
4.0

Description

Moodle allows attackers to bypass a messaging-disabled setting

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://moodle.org/mod/forum/discuss.php?d=278614

Package impact
EcosystemPackageVulnerableFixed
php Packagistmoodle/moodle<2.6.72.6.7
php Packagistmoodle/moodle>=2.7.0,<2.7.42.7.4
php Packagistmoodle/moodle>=2.8.0,<2.8.22.8.2

Application impact
VendorProductVersionsFixed
moodlemoodle{"endIncluding":"2.5.9"}
moodlemoodle2.5.0
moodlemoodle2.5.1
moodlemoodle2.5.2
moodlemoodle2.5.3
moodlemoodle2.5.4
moodlemoodle2.5.5
moodlemoodle2.5.6
moodlemoodle2.5.7
moodlemoodle2.5.8
moodlemoodle2.6.0
moodlemoodle2.6.1
moodlemoodle2.6.2
moodlemoodle2.6.3
moodlemoodle2.6.4
moodlemoodle2.6.5
moodlemoodle2.6.6
moodlemoodle2.7.0
moodlemoodle2.7.1
moodlemoodle2.7.2
moodlemoodle2.7.3
moodlemoodle2.8.0

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.