VulnerableCode Package Details - pkg:composer/moodle/moodle@2.7.18

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/moodle/moodle@2.7.18

Essentials
History (5)

purl	pkg:composer/moodle/moodle@2.7.18

Next non-vulnerable version	2.7.19
Latest non-vulnerable version	3.11.6
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-2dxb-v1af-jbax Aliases: CVE-2017-7491	Cross-Site Request Forgery (CSRF) A CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.	2.7.19 Affected by 0 other vulnerabilities. 3.0.9 Affected by 0 other vulnerabilities. 3.1.5 Affected by 0 other vulnerabilities. 3.2.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5rbf-4dz3-2qdz Aliases: CVE-2017-7489	Improper Privilege Management Remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.	2.7.19 Affected by 0 other vulnerabilities. 3.0.9 Affected by 0 other vulnerabilities. 3.1.5 Affected by 0 other vulnerabilities. 3.2.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-dhku-uah4-ykh8 Aliases: CVE-2017-2641	SQL Injection An SQL injection can occur via user preferences.	2.7.19 Affected by 0 other vulnerabilities. 3.0.9 Affected by 0 other vulnerabilities. 3.1.5 Affected by 0 other vulnerabilities. 3.2.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vtq4-fpr8-hudb Aliases: CVE-2017-7490	Exposure of Resource to Wrong Sphere In Moodle, searching of arbitrary blogs is possible because a capability check is missing.	2.7.19 Affected by 0 other vulnerabilities. 3.0.9 Affected by 0 other vulnerabilities. 3.1.5 Affected by 0 other vulnerabilities. 3.2.3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-65y9-9ur2-pugc	Improper Input Validation There is incorrect sanitization of attributes in forums.	CVE-2017-2576

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:36:54.062940+00:00	GitLab Importer	Affected by	VCID-5rbf-4dz3-2qdz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-7489.yml	38.6.0
2026-06-02T04:36:53.916941+00:00	GitLab Importer	Affected by	VCID-2dxb-v1af-jbax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-7491.yml	38.6.0
2026-06-02T04:36:53.778505+00:00	GitLab Importer	Affected by	VCID-vtq4-fpr8-hudb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-7490.yml	38.6.0
2026-06-02T04:36:49.558594+00:00	GitLab Importer	Affected by	VCID-dhku-uah4-ykh8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-2641.yml	38.6.0
2026-06-02T04:36:46.451303+00:00	GitLab Importer	Fixing	VCID-65y9-9ur2-pugc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-2576.yml	38.6.0