Moodle 2.7.11

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*

part: a version: 2.7.11 update: *

VendorMoodle (1f527b56-744d-5be6-b0f4-b691bd50b8c3)
ProductMoodle (221dc9da-2dde-53d2-a358-e0cb5ac858f7)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:docker/bitnami/moodle purl2cpe 2026-06-01 10:13:14.068564
pkg:github/moodle/moodle purl2cpe 2026-06-01 10:13:14.068566
pkg:rpm/fedora/moodle purl2cpe 2026-06-01 10:13:14.068567
pkg:rpm/opensuse/moodle purl2cpe 2026-06-01 10:13:14.068568

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-7491 vulnerable 2026-06-08 05:09:56.194731 Details available
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
Published: 2017-05-15T14:00:00.000Z
Updated: 2024-08-05T16:04:11.706Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-7490 vulnerable 2026-06-08 05:09:56.192752 Details available
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
Published: 2017-05-15T14:00:00.000Z
Updated: 2024-08-05T16:04:11.541Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-7489 vulnerable 2026-06-08 05:09:56.171591 Details available
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
Published: 2017-05-15T14:00:00.000Z
Updated: 2024-08-05T16:04:11.581Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-2641 vulnerable 2026-06-08 05:09:24.853722 Details available
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
Published: 2017-03-26T18:00:00.000Z
Updated: 2024-08-05T14:02:07.130Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3734 vulnerable 2026-06-08 05:07:45.947867 Details available
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
Published: 2017-04-20T21:00:00.000Z
Updated: 2024-08-06T00:03:34.471Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3733 vulnerable 2026-06-08 05:07:45.946612 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3732 vulnerable 2026-06-08 05:07:45.945264 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3729 vulnerable 2026-06-08 05:07:45.928304 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2190 vulnerable 2026-06-08 05:07:33.570234 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2159 vulnerable 2026-06-08 05:07:33.403039 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2158 vulnerable 2026-06-08 05:07:33.401925 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2157 vulnerable 2026-06-08 05:07:33.399998 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2156 vulnerable 2026-06-08 05:07:33.399000 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2153 vulnerable 2026-06-08 05:07:33.396473 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2152 vulnerable 2026-06-08 05:07:33.395290 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2151 vulnerable 2026-06-08 05:07:33.384855 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-0724 vulnerable 2026-06-08 05:07:15.917131 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.