VIR Vulnerability Intelligence Relay

CVE-2016-2154

medium
Published 2016-05-22 · Modified 2024-02-16
CVSS v3
4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v2
4.0
VIR risk
4.3

Description

Moodle allows attackers to discover hidden course names

Predictions

Exploit likelihood
53%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://moodle.org/mod/forum/discuss.php?d=330176

Package impact
EcosystemPackageVulnerableFixed
php Packagistmoodle/moodle>=2.8.0,<2.8.112.8.11
php Packagistmoodle/moodle>=2.9.0,<2.9.52.9.5
php Packagistmoodle/moodle>=3.0.0,<3.0.33.0.3

Application impact
VendorProductVersionsFixed
moodlemoodle2.8.0
moodlemoodle2.8.1
moodlemoodle2.8.2
moodlemoodle2.8.3
moodlemoodle2.8.4
moodlemoodle2.8.5
moodlemoodle2.8.6
moodlemoodle2.8.7
moodlemoodle2.8.8
moodlemoodle2.8.9
moodlemoodle2.8.10
moodlemoodle2.9.0
moodlemoodle2.9.1
moodlemoodle2.9.2
moodlemoodle2.9.3
moodlemoodle2.9.4
moodlemoodle3.0.0
moodlemoodle3.0.1
moodlemoodle3.0.2

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.