Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62294?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "2.8.8", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.9.1", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43619?format=api", "vulnerability_id": "VCID-1z6j-fs6f-eua1", "summary": "Moodle allows attackers to obtain manager privileges\nThe enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744" }, { "reference_url": "https://github.com/moodle/moodle/commit/936facab28d8d8bd03f38da42cb80fafba1a06db", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/936facab28d8d8bd03f38da42cb80fafba1a06db" }, { "reference_url": "https://github.com/moodle/moodle/commit/ab006d43e48add8e5495141d4d750c1531772ca2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ab006d43e48add8e5495141d4d750c1531772ca2" }, { "reference_url": "https://github.com/moodle/moodle/commit/dff6cdc88355f22ebaaf8f00c44a1ad51d272344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/dff6cdc88355f22ebaaf8f00c44a1ad51d272344" }, { "reference_url": "https://github.com/moodle/moodle/commit/f7fbc80766b72ed1c9915698edd443ee8f6eafbd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f7fbc80766b72ed1c9915698edd443ee8f6eafbd" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320290" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5266", "reference_id": "CVE-2015-5266", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5266" }, { "reference_url": "https://github.com/advisories/GHSA-454r-4cjv-vc9h", "reference_id": "GHSA-454r-4cjv-vc9h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-454r-4cjv-vc9h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62293?format=api", "purl": "pkg:composer/moodle/moodle@2.7.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5266", "GHSA-454r-4cjv-vc9h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1z6j-fs6f-eua1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43707?format=api", "vulnerability_id": "VCID-evke-m8nn-6ua3", "summary": "Moodle allows attackers to enter additional answer attempts\nThe lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516" }, { "reference_url": "https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84" }, { "reference_url": "https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869" }, { "reference_url": "https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091" }, { "reference_url": "https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc" }, { "reference_url": "https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4" }, { "reference_url": "https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d" }, { "reference_url": "https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840" }, { "reference_url": "https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac" }, { "reference_url": "https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca" }, { "reference_url": "https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320287" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5264", "reference_id": "CVE-2015-5264", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5264" }, { "reference_url": "https://github.com/advisories/GHSA-mm9q-3847-m48x", "reference_id": "GHSA-mm9q-3847-m48x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm9q-3847-m48x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62293?format=api", "purl": "pkg:composer/moodle/moodle@2.7.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5264", "GHSA-mm9q-3847-m48x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-evke-m8nn-6ua3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43637?format=api", "vulnerability_id": "VCID-fpuj-f6nx-n7a9", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709" }, { "reference_url": "https://github.com/moodle/moodle/commit/45f3b5302d645ba13ca8b68b0106a638ebd21980", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/45f3b5302d645ba13ca8b68b0106a638ebd21980" }, { "reference_url": "https://github.com/moodle/moodle/commit/a44fed5c804b52e82c334c37dcc1c12b77f97af8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a44fed5c804b52e82c334c37dcc1c12b77f97af8" }, { "reference_url": "https://github.com/moodle/moodle/commit/ae6b18a9343083c1ab62d6eb535a7112bd7a3a50", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ae6b18a9343083c1ab62d6eb535a7112bd7a3a50" }, { "reference_url": "https://github.com/moodle/moodle/commit/fa5a3cdedcd92bd96881fa89a6ff5efd80bd3512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fa5a3cdedcd92bd96881fa89a6ff5efd80bd3512" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320293" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5269", "reference_id": "CVE-2015-5269", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5269" }, { "reference_url": "https://github.com/advisories/GHSA-5729-822w-j342", "reference_id": "GHSA-5729-822w-j342", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5729-822w-j342" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62293?format=api", "purl": "pkg:composer/moodle/moodle@2.7.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5269", "GHSA-5729-822w-j342" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpuj-f6nx-n7a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43441?format=api", "vulnerability_id": "VCID-jc19-ee46-4uh3", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nlib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860" }, { "reference_url": "https://github.com/moodle/moodle/commit/289bc7f9e3022918b4cfd2cc9851472f0cea2896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/289bc7f9e3022918b4cfd2cc9851472f0cea2896" }, { "reference_url": "https://github.com/moodle/moodle/commit/5337b2295237958c93b6c65fa595859aaa7bf257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5337b2295237958c93b6c65fa595859aaa7bf257" }, { "reference_url": "https://github.com/moodle/moodle/commit/6e8224365ffcdf328458ea7852dc62574e806119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/6e8224365ffcdf328458ea7852dc62574e806119" }, { "reference_url": "https://github.com/moodle/moodle/commit/e4ac3879c2d1f8fe66caa74ff1544248bccef61e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e4ac3879c2d1f8fe66caa74ff1544248bccef61e" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320291" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5267", "reference_id": "CVE-2015-5267", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5267" }, { "reference_url": "https://github.com/advisories/GHSA-382v-gxj9-ffhc", "reference_id": "GHSA-382v-gxj9-ffhc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-382v-gxj9-ffhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62293?format=api", "purl": "pkg:composer/moodle/moodle@2.7.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5267", "GHSA-382v-gxj9-ffhc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jc19-ee46-4uh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43478?format=api", "vulnerability_id": "VCID-wg45-hemm-97am", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThe rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173" }, { "reference_url": "https://github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2a" }, { "reference_url": "https://github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665" }, { "reference_url": "https://github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02" }, { "reference_url": "https://github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320292", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320292" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1033619" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5268", "reference_id": "CVE-2015-5268", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5268" }, { "reference_url": "https://github.com/advisories/GHSA-h34c-px28-rjgw", "reference_id": "GHSA-h34c-px28-rjgw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h34c-px28-rjgw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62293?format=api", "purl": "pkg:composer/moodle/moodle@2.7.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5268", "GHSA-h34c-px28-rjgw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg45-hemm-97am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43769?format=api", "vulnerability_id": "VCID-xy2y-yxfu-xfgm", "summary": "Moodle allows attackers to delete files\nThe wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371" }, { "reference_url": "https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585" }, { "reference_url": "https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea" }, { "reference_url": "https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1" }, { "reference_url": "https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=320289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=320289" }, { "reference_url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/09/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5265", "reference_id": "CVE-2015-5265", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5265" }, { "reference_url": "https://github.com/advisories/GHSA-44xp-wj24-9xxj", "reference_id": "GHSA-44xp-wj24-9xxj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-44xp-wj24-9xxj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62293?format=api", "purl": "pkg:composer/moodle/moodle@2.7.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62294?format=api", "purl": "pkg:composer/moodle/moodle@2.8.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62295?format=api", "purl": "pkg:composer/moodle/moodle@2.9.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2" } ], "aliases": [ "CVE-2015-5265", "GHSA-44xp-wj24-9xxj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xy2y-yxfu-xfgm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8" }