Package details: pkg:composer/moodle/moodle@3.0.8
purl pkg:composer/moodle/moodle@3.0.8
Next non-vulnerable version 3.0.9
Latest non-vulnerable version 5.1.2
Risk
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-2dxb-v1af-jbax
Aliases: CVE-2017-7491
Summary: Cross-Site Request Forgery (CSRF). A CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
Fixed by:
3.0.9 (affected by 0 other vulnerabilities)
3.1.5 (affected by 0 other vulnerabilities)
3.2.3 (affected by 2 other vulnerabilities)
VCID-5rbf-4dz3-2qdz
Aliases: CVE-2017-7489
Summary: Improper Privilege Management. Remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
Fixed by:
3.0.9 (affected by 0 other vulnerabilities)
3.1.5 (affected by 0 other vulnerabilities)
3.2.3 (affected by 2 other vulnerabilities)
VCID-dhku-uah4-ykh8
Aliases: CVE-2017-2641
Summary: SQL Injection. An SQL injection can occur via user preferences.
Fixed by:
3.0.9 (affected by 0 other vulnerabilities)
3.1.5 (affected by 0 other vulnerabilities)
3.2.2 (affected by 4 other vulnerabilities)
VCID-vtq4-fpr8-hudb
Aliases: CVE-2017-7490
Summary: Exposure of Resource to Wrong Sphere. In Moodle, searching of arbitrary blogs is possible because a capability check is missing.
Fixed by:
3.0.9 (affected by 0 other vulnerabilities)
3.1.5 (affected by 0 other vulnerabilities)
3.2.3 (affected by 2 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-65y9-9ur2-pugc
Summary: Improper Input Validation. There is incorrect sanitization of attributes in forums.
Aliases: CVE-2017-2576