Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/moodle/moodle@3.3.5
purl pkg:composer/moodle/moodle@3.3.5
Next non-vulnerable version 3.3.6
Latest non-vulnerable version 5.1.2
Risk
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-b7br-bh2d-rygp
Aliases:
CVE-2018-1137
Improper Input Validation An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
3.3.6
Affected by 0 other vulnerabilities.
3.4.3
Affected by 0 other vulnerabilities.
VCID-ckg1-9vpt-yfdk
Aliases:
CVE-2018-1134
Improper Privilege Management An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
3.3.6
Affected by 0 other vulnerabilities.
3.4.3
Affected by 0 other vulnerabilities.
VCID-fegs-ubsk-63hu
Aliases:
CVE-2018-1135
Information Exposure An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
3.3.6
Affected by 0 other vulnerabilities.
3.4.3
Affected by 0 other vulnerabilities.
VCID-g8ct-c4ce-zuaf
Aliases:
CVE-2018-1136
Cross-site Scripting An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
3.3.6
Affected by 0 other vulnerabilities.
3.4.3
Affected by 0 other vulnerabilities.
VCID-p2gd-7uam-mqf8
Aliases:
CVE-2018-1133
Injection Vulnerability An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.
3.3.6
Affected by 0 other vulnerabilities.
3.4.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-fygy-9njn-abgd Improper Authentication A flaw was found in Moodle. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site. CVE-2018-1082
VCID-m4zv-e3dn-budf Improper Access Control Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. CVE-2018-1081

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:37:43.564803+00:00 GitLab Importer Affected by VCID-fegs-ubsk-63hu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1135.yml 38.6.0
2026-06-02T04:37:43.419681+00:00 GitLab Importer Affected by VCID-g8ct-c4ce-zuaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1136.yml 38.6.0
2026-06-02T04:37:43.267756+00:00 GitLab Importer Affected by VCID-ckg1-9vpt-yfdk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1134.yml 38.6.0
2026-06-02T04:37:43.120406+00:00 GitLab Importer Affected by VCID-p2gd-7uam-mqf8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1133.yml 38.6.0
2026-06-02T04:37:42.974852+00:00 GitLab Importer Affected by VCID-b7br-bh2d-rygp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1137.yml 38.6.0
2026-06-02T04:37:38.035747+00:00 GitLab Importer Fixing VCID-fygy-9njn-abgd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1082.yml 38.6.0
2026-06-02T04:37:37.972917+00:00 GitLab Importer Fixing VCID-m4zv-e3dn-budf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1081.yml 38.6.0