Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/moodle/moodle@3.1.2
purl pkg:composer/moodle/moodle@3.1.2
Next non-vulnerable version 3.1.5
Latest non-vulnerable version 3.11.6
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-k1bh-ymgt-e7cd
Aliases:
CVE-2016-9187
Unrestricted Upload of File with Dangerous Type Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
3.1.3
Affected by 2 other vulnerabilities.
VCID-v54t-5thx-1beu
Aliases:
CVE-2016-8642
GHSA-x32v-7qw8-cpq8
Improper Access Control In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
3.1.3
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-vb67-yux5-ayhf Weak Password Recovery Mechanism for Forgotten Password In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed. CVE-2016-7038

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:42:45.258516+00:00 GitLab Importer Affected by VCID-v54t-5thx-1beu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2016-8642.yml 38.6.0
2026-06-02T04:36:46.060142+00:00 GitLab Importer Fixing VCID-vb67-yux5-ayhf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2016-7038.yml 38.6.0
2026-06-02T04:36:40.628947+00:00 GitLab Importer Affected by VCID-k1bh-ymgt-e7cd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2016-9187.yml 38.6.0