Moodle 2.7.12

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*

part: a version: 2.7.12 update: *

VendorMoodle (1f527b56-744d-5be6-b0f4-b691bd50b8c3)
ProductMoodle (221dc9da-2dde-53d2-a358-e0cb5ac858f7)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:docker/bitnami/moodle purl2cpe 2026-06-01 10:13:14.068570
pkg:github/moodle/moodle purl2cpe 2026-06-01 10:13:14.068571
pkg:rpm/fedora/moodle purl2cpe 2026-06-01 10:13:14.068572
pkg:rpm/opensuse/moodle purl2cpe 2026-06-01 10:13:14.068574

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-7491 vulnerable 2026-06-08 05:09:56.194747 Details available
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
Published: 2017-05-15T14:00:00.000Z
Updated: 2024-08-05T16:04:11.706Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-7490 vulnerable 2026-06-08 05:09:56.192771 Details available
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
Published: 2017-05-15T14:00:00.000Z
Updated: 2024-08-05T16:04:11.541Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-7489 vulnerable 2026-06-08 05:09:56.172099 Details available
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
Published: 2017-05-15T14:00:00.000Z
Updated: 2024-08-05T16:04:11.581Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-2641 vulnerable 2026-06-08 05:09:24.854240 Details available
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
Published: 2017-03-26T18:00:00.000Z
Updated: 2024-08-05T14:02:07.130Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3734 vulnerable 2026-06-08 05:07:45.947883 Details available
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
Published: 2017-04-20T21:00:00.000Z
Updated: 2024-08-06T00:03:34.471Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3733 vulnerable 2026-06-08 05:07:45.946627 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3732 vulnerable 2026-06-08 05:07:45.945280 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-3729 vulnerable 2026-06-08 05:07:45.928807 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2190 vulnerable 2026-06-08 05:07:33.570251 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2159 vulnerable 2026-06-08 05:07:33.403055 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2158 vulnerable 2026-06-08 05:07:33.401941 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2157 vulnerable 2026-06-08 05:07:33.400013 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2156 vulnerable 2026-06-08 05:07:33.399016 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2153 vulnerable 2026-06-08 05:07:33.396490 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2152 vulnerable 2026-06-08 05:07:33.395307 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2151 vulnerable 2026-06-08 05:07:33.385368 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.