Search for packages
| purl | pkg:composer/moodle/moodle@2.9.7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-vb67-yux5-ayhf
Aliases: CVE-2016-7038 |
Weak Password Recovery Mechanism for Forgotten Password In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-fsex-f512-pudv | Injection Vulnerability In Moodle, text injection can occur in email headers, potentially leading to outbound spam. |
CVE-2016-5013
|
| VCID-qtt4-455b-abb6 | Exposure of Sensitive Information to an Unauthorized Actor In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. |
CVE-2016-5014
GHSA-c4cq-v4wp-28hg |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:42:58.478654+00:00 | GitLab Importer | Fixing | VCID-qtt4-455b-abb6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2016-5014.yml | 38.6.0 |
| 2026-06-02T04:36:46.197684+00:00 | GitLab Importer | Fixing | VCID-fsex-f512-pudv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2016-5013.yml | 38.6.0 |
| 2026-06-02T04:36:45.953647+00:00 | GitLab Importer | Affected by | VCID-vb67-yux5-ayhf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2016-7038.yml | 38.6.0 |