GCVE - cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*

part: a version: 5.1.0 update: -

Vendor	Moodle (`1f527b56-744d-5be6-b0f4-b691bd50b8c3`)
Product	Moodle (`221dc9da-2dde-53d2-a358-e0cb5ac858f7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/bitnami/moodle`	purl2cpe	2026-06-01 10:13:14.248052
`pkg:github/moodle/moodle`	purl2cpe	2026-06-01 10:13:14.248053
`pkg:rpm/fedora/moodle`	purl2cpe	2026-06-01 10:13:14.248054
`pkg:rpm/opensuse/moodle`	purl2cpe	2026-06-01 10:13:14.248056

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-67857`	vulnerable	2026-06-08 07:41:20.548088	Moodle: moodle: data exposure of user identifiers in urls MEDIUM (4.3) A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure. Published: 2026-02-03T10:52:22.459Z Updated: 2026-02-03T15:40:59.601Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2025-67857 https://bugzilla.redhat.com/show_bug.cgi?id=2423868 https://moodle.org/mod/forum/discuss.php?d=471307	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67855`	vulnerable	2026-06-08 07:41:20.543726	Mooodle: mooodle: information disclosure and script execution via reflected cross-site scripting MEDIUM (5.4) A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser. Published: 2026-02-03T10:52:15.809Z Updated: 2026-02-03T15:43:19.863Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2025-67855 https://bugzilla.redhat.com/show_bug.cgi?id=2423861	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67853`	vulnerable	2026-06-08 07:41:20.543440	Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service HIGH (7.5) A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts. Published: 2026-02-03T10:52:12.755Z Updated: 2026-02-03T15:43:49.951Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2025-67853 https://bugzilla.redhat.com/show_bug.cgi?id=2423847	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67852`	vulnerable	2026-06-08 07:41:20.543137	Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites. LOW (3.5) A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure. Published: 2026-02-03T10:52:09.893Z Updated: 2026-02-03T15:44:29.178Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2025-67852 https://bugzilla.redhat.com/show_bug.cgi?id=2423844	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67851`	vulnerable	2026-06-08 07:41:20.542730	Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export MEDIUM (6.1) A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet. Published: 2026-02-03T10:52:06.974Z Updated: 2026-02-03T17:02:43.231Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2025-67851 https://bugzilla.redhat.com/show_bug.cgi?id=2423841 https://moodle.org/mod/forum/discuss.php?d=471301	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67850`	vulnerable	2026-06-08 07:41:20.542319	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67849`	vulnerable	2026-06-08 07:41:20.541892	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67848`	vulnerable	2026-06-08 07:41:20.541328	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67847`	vulnerable	2026-06-08 07:41:20.540913	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.