GCVE - cpe:2.3:a:moodle:moodle:2.6.9:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:2.6.9:*:*:*:*:*:*:*

part: a version: 2.6.9 update: *

Vendor	Moodle (`1f527b56-744d-5be6-b0f4-b691bd50b8c3`)
Product	Moodle (`221dc9da-2dde-53d2-a358-e0cb5ac858f7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/bitnami/moodle`	purl2cpe	2026-06-01 10:13:14.068514
`pkg:github/moodle/moodle`	purl2cpe	2026-06-01 10:13:14.068515
`pkg:rpm/fedora/moodle`	purl2cpe	2026-06-01 10:13:14.068516
`pkg:rpm/opensuse/moodle`	purl2cpe	2026-06-01 10:13:14.068518

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-3274`	vulnerable	2026-06-08 05:06:37.858536	Details available Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service. Published: 2016-02-22T02:00:00.000Z Updated: 2024-08-06T05:39:32.145Z Open on db.gcve.eu Reference links http://openwall.com/lists/oss-security/2015/07/13/2 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130 http://www.securitytracker.com/id/1032877 https://moodle.org/mod/forum/discuss.php?d=316664	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3272`	vulnerable	2026-06-08 05:06:37.852228	Details available Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL. Published: 2016-02-22T02:00:00.000Z Updated: 2024-08-06T05:39:32.140Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=316662 http://openwall.com/lists/oss-security/2015/07/13/2 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688 http://www.securitytracker.com/id/1032877	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3181`	vulnerable	2026-06-08 05:06:37.404318	Details available files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked. Published: 2015-06-01T19:00:00.000Z Updated: 2024-08-06T05:39:31.660Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/74728 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313688 http://openwall.com/lists/oss-security/2015/05/18/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3180`	vulnerable	2026-06-08 05:06:37.403299	Details available lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. Published: 2015-06-01T19:00:00.000Z Updated: 2024-08-06T05:39:32.046Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=313687 http://www.securityfocus.com/bid/74729 http://www.securitytracker.com/id/1032358 http://openwall.com/lists/oss-security/2015/05/18/1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3179`	vulnerable	2026-06-08 05:06:37.402181	Details available login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account. Published: 2015-06-01T19:00:00.000Z Updated: 2024-08-06T05:39:31.951Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/74725 https://moodle.org/mod/forum/discuss.php?d=313686 http://www.securitytracker.com/id/1032358 http://openwall.com/lists/oss-security/2015/05/18/1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3178`	vulnerable	2026-06-08 05:06:37.401145	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3176`	vulnerable	2026-06-08 05:06:37.399541	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3175`	vulnerable	2026-06-08 05:06:37.398494	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3174`	vulnerable	2026-06-08 05:06:37.390099	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.