Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/moodle/moodle@2.1.10
purl pkg:composer/moodle/moodle@2.1.10
Tags Ghost
Next non-vulnerable version 4.5.9
Latest non-vulnerable version 5.1.2
Risk 3.1
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-6spt-ggnj-zber
Aliases:
CVE-2013-2083
GHSA-m63h-q4x3-6hwj
Improper Input Validation The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request.
2.1.11
Affected by 0 other vulnerabilities.
2.2.10
Affected by 1 other vulnerability.
2.3.7
Affected by 231 other vulnerabilities.
2.4.4
Affected by 234 other vulnerabilities.
VCID-9tcy-uad5-hyb8
Aliases:
CVE-2013-1831
GHSA-xr24-jp5c-6c4v
Exposure of Sensitive Information to an Unauthorized Actor lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.
2.2.8
Affected by 0 other vulnerabilities.
2.3.5
Affected by 235 other vulnerabilities.
2.4.2
Affected by 238 other vulnerabilities.
VCID-akut-458d-6bee
Aliases:
CVE-2013-1830
GHSA-8r7x-qq55-74v2
Moodle does not enforce the forceloginforprofiles setting user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
2.2.8
Affected by 0 other vulnerabilities.
2.3.5
Affected by 235 other vulnerabilities.
2.4.2
Affected by 238 other vulnerabilities.
VCID-era2-gy4n-6kdx
Aliases:
CVE-2013-1833
GHSA-89f3-74m6-g27g
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
2.2.8
Affected by 0 other vulnerabilities.
2.3.5
Affected by 235 other vulnerabilities.
2.4.2
Affected by 238 other vulnerabilities.
VCID-f6mk-8r56-1yfe
Aliases:
CVE-2013-1832
GHSA-pgp5-rcwp-qvfg
Exposure of Sensitive Information to an Unauthorized Actor repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
2.2.8
Affected by 0 other vulnerabilities.
2.3.5
Affected by 235 other vulnerabilities.
2.4.2
Affected by 238 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:01:15.282639+00:00 GHSA Importer Affected by VCID-era2-gy4n-6kdx https://github.com/advisories/GHSA-89f3-74m6-g27g 38.0.0
2026-04-01T16:01:14.635509+00:00 GHSA Importer Affected by VCID-akut-458d-6bee https://github.com/advisories/GHSA-8r7x-qq55-74v2 38.0.0
2026-04-01T16:01:14.438747+00:00 GHSA Importer Fixing VCID-qjdf-s39r-5bdb https://github.com/advisories/GHSA-fx5h-3786-h2w6 38.0.0
2026-04-01T16:01:14.366713+00:00 GHSA Importer Affected by VCID-f6mk-8r56-1yfe https://github.com/advisories/GHSA-pgp5-rcwp-qvfg 38.0.0
2026-04-01T16:01:14.299111+00:00 GHSA Importer Affected by VCID-9tcy-uad5-hyb8 https://github.com/advisories/GHSA-xr24-jp5c-6c4v 38.0.0
2026-04-01T16:01:13.948368+00:00 GHSA Importer Fixing VCID-hxhr-sxkm-nka6 https://github.com/advisories/GHSA-cr78-rphw-w73p 38.0.0
2026-04-01T13:10:38.427530+00:00 GithubOSV Importer Fixing VCID-hxhr-sxkm-nka6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr78-rphw-w73p/GHSA-cr78-rphw-w73p.json 38.0.0
2026-04-01T13:09:30.097047+00:00 GithubOSV Importer Fixing VCID-qjdf-s39r-5bdb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fx5h-3786-h2w6/GHSA-fx5h-3786-h2w6.json 38.0.0
2026-04-01T12:50:21.721240+00:00 GitLab Importer Affected by VCID-9tcy-uad5-hyb8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2013-1831.yml 38.0.0
2026-04-01T12:50:20.987880+00:00 GitLab Importer Affected by VCID-6spt-ggnj-zber https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2013-2083.yml 38.0.0
2026-04-01T12:50:18.947435+00:00 GitLab Importer Affected by VCID-akut-458d-6bee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2013-1830.yml 38.0.0
2026-04-01T12:50:17.495262+00:00 GitLab Importer Fixing VCID-hxhr-sxkm-nka6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2012-6099.yml 38.0.0
2026-04-01T12:50:13.862609+00:00 GitLab Importer Fixing VCID-qjdf-s39r-5bdb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2012-6112.yml 38.0.0
2026-04-01T12:50:12.145372+00:00 GitLab Importer Fixing VCID-era2-gy4n-6kdx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2013-1833.yml 38.0.0
2026-04-01T12:50:11.866614+00:00 GitLab Importer Affected by VCID-f6mk-8r56-1yfe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2013-1832.yml 38.0.0