CVE-2015-2272

medium

Published 2015-06-01 · Modified 2024-12-08

CVSS v3

—

CVSS v2

4.0

VIR risk

4.0

Description

Moodle allows attackers to bypass a forced-password-change requirement

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://moodle.org/mod/forum/discuss.php?d=307386

Ecosystem	Package	Vulnerable	Fixed
Packagist	moodle/moodle	`<2.6.9`	`2.6.9`
Packagist	moodle/moodle	`>=2.7.0,<2.7.6`	`2.7.6`
Packagist	moodle/moodle	`>=2.8.0,<2.8.4`	`2.8.4`

Vendor	Product	Versions
moodle	moodle	`{"endIncluding":"2.5.9"}`
moodle	moodle	`2.5.0`
moodle	moodle	`2.5.1`
moodle	moodle	`2.5.2`
moodle	moodle	`2.5.3`
moodle	moodle	`2.5.4`
moodle	moodle	`2.5.5`
moodle	moodle	`2.5.6`
moodle	moodle	`2.5.7`
moodle	moodle	`2.5.8`
moodle	moodle	`2.6.0`
moodle	moodle	`2.6.1`
moodle	moodle	`2.6.2`
moodle	moodle	`2.6.3`
moodle	moodle	`2.6.4`
moodle	moodle	`2.6.5`
moodle	moodle	`2.6.6`
moodle	moodle	`2.6.7`
moodle	moodle	`2.6.8`
moodle	moodle	`2.7.0`
moodle	moodle	`2.7.1`
moodle	moodle	`2.7.2`
moodle	moodle	`2.7.3`
moodle	moodle	`2.7.4`
moodle	moodle	`2.7.5`
moodle	moodle	`2.8.0`
moodle	moodle	`2.8.1`
moodle	moodle	`2.8.2`
moodle	moodle	`2.8.3`

CWE-264

Verify integrity in audit chain (admin only). AS-IS.