VIR Vulnerability Intelligence Relay

CVE-2015-2267

medium
Published 2015-06-01 · Modified 2024-12-08
CVSS v3
CVSS v2
4.0
VIR risk
4.0

Description

Moodle allows attackers to extract archives to arbitrary directories

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://moodle.org/mod/forum/discuss.php?d=307381

Package impact
EcosystemPackageVulnerableFixed
php Packagistmoodle/moodle<2.6.92.6.9
php Packagistmoodle/moodle>=2.7.0,<2.7.62.7.6
php Packagistmoodle/moodle>=2.8.0,<2.8.42.8.4

Application impact
VendorProductVersionsFixed
moodlemoodle{"endIncluding":"2.5.9"}
moodlemoodle2.5.0
moodlemoodle2.5.1
moodlemoodle2.5.2
moodlemoodle2.5.3
moodlemoodle2.5.4
moodlemoodle2.5.5
moodlemoodle2.5.6
moodlemoodle2.5.7
moodlemoodle2.5.8
moodlemoodle2.6.0
moodlemoodle2.6.1
moodlemoodle2.6.2
moodlemoodle2.6.3
moodlemoodle2.6.4
moodlemoodle2.6.5
moodlemoodle2.6.6
moodlemoodle2.6.7
moodlemoodle2.6.8
moodlemoodle2.7.0
moodlemoodle2.7.1
moodlemoodle2.7.2
moodlemoodle2.7.3
moodlemoodle2.7.4
moodlemoodle2.7.5
moodlemoodle2.8.0
moodlemoodle2.8.1
moodlemoodle2.8.2
moodlemoodle2.8.3

References

CWEs

CWE-284

Verify integrity in audit chain (admin only). AS-IS.