GCVE - cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*

part: a version: 2.7.13 update: *

Vendor	Moodle (`1f527b56-744d-5be6-b0f4-b691bd50b8c3`)
Product	Moodle (`221dc9da-2dde-53d2-a358-e0cb5ac858f7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/bitnami/moodle`	purl2cpe	2026-06-01 10:13:14.068575
`pkg:github/moodle/moodle`	purl2cpe	2026-06-01 10:13:14.068576
`pkg:rpm/fedora/moodle`	purl2cpe	2026-06-01 10:13:14.068578
`pkg:rpm/opensuse/moodle`	purl2cpe	2026-06-01 10:13:14.068579

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-7491`	vulnerable	2026-06-08 05:09:56.194764	Details available In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. Published: 2017-05-15T14:00:00.000Z Updated: 2024-08-05T16:04:11.706Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=352355	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-7490`	vulnerable	2026-06-08 05:09:56.192888	Details available In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. Published: 2017-05-15T14:00:00.000Z Updated: 2024-08-05T16:04:11.541Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=352354	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-7489`	vulnerable	2026-06-08 05:09:56.172663	Details available In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. Published: 2017-05-15T14:00:00.000Z Updated: 2024-08-05T16:04:11.581Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=352353	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2641`	vulnerable	2026-06-08 05:09:24.854718	Details available In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Published: 2017-03-26T18:00:00.000Z Updated: 2024-08-05T14:02:07.130Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/41828/ http://www.securityfocus.com/bid/96977 https://moodle.org/mod/forum/discuss.php?d=349419 http://www.securitytracker.com/id/1038174	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3734`	vulnerable	2026-06-08 05:07:45.947898	Details available Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read. Published: 2017-04-20T21:00:00.000Z Updated: 2024-08-06T00:03:34.471Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2016/05/17/4 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755 https://bugzilla.redhat.com/show_bug.cgi?id=1335933 http://www.securitytracker.com/id/1035902 http://www.securityfocus.com/bid/91281	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3733`	vulnerable	2026-06-08 05:07:45.946642	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3732`	vulnerable	2026-06-08 05:07:45.945296	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-3729`	vulnerable	2026-06-08 05:07:45.929313	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.