Package details: pkg:composer/moodle/moodle@3.0.4
purl pkg:composer/moodle/moodle@3.0.4
Next non-vulnerable version 3.0.9
Latest non-vulnerable version 5.1.2
Risk
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-fsex-f512-pudv (Aliases: CVE-2016-5013) | Injection Vulnerability: In Moodle, text injection can occur in email headers, potentially leading to outbound spam. | 3.0.5 (affected by 1 other vulnerability); 3.1.1 (affected by 1 other vulnerability) |
| VCID-qtt4-455b-abb6 (Aliases: CVE-2016-5014, GHSA-c4cq-v4wp-28hg) | Exposure of Sensitive Information to an Unauthorized Actor: In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. | 3.0.5 (affected by 1 other vulnerability); 3.1.1 (affected by 1 other vulnerability) |
Vulnerabilities fixed by this package (3)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4kq5-ctsv-eka8 | Improper Access Control: The "restore teacher" feature in Moodle allows remote authenticated users to overwrite the course id number. | CVE-2016-3733 |
| VCID-kgvw-uxf4-wbc1 | Cross-Site Request Forgery (CSRF): A cross-site request forgery (CSRF) vulnerability in `markposts.php` in Moodle allows remote attackers to hijack the authentication of users for requests that mark forum posts as read. | CVE-2016-3734 |
| VCID-s3ue-e5h8-f3dy | Improper Access Control: The user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator. | CVE-2016-3729 |