VulnerableCode Package Details - pkg:composer/moodle/moodle@3.3.6

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-b7br-bh2d-rygp	Improper Input Validation An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.	CVE-2018-1137
VCID-ckg1-9vpt-yfdk	Improper Privilege Management An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.	CVE-2018-1134
VCID-fegs-ubsk-63hu	Information Exposure An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.	CVE-2018-1135
VCID-g8ct-c4ce-zuaf	Cross-site Scripting An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.	CVE-2018-1136
VCID-p2gd-7uam-mqf8	Injection Vulnerability An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.	CVE-2018-1133

Vulnerability

Summary

Aliases

VCID-b7br-bh2d-rygp

Improper Input Validation An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

CVE-2018-1137

VCID-ckg1-9vpt-yfdk

Improper Privilege Management An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.

CVE-2018-1134

VCID-fegs-ubsk-63hu

Information Exposure An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

CVE-2018-1135

VCID-g8ct-c4ce-zuaf

Cross-site Scripting An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.

CVE-2018-1136

VCID-p2gd-7uam-mqf8

Injection Vulnerability An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.

CVE-2018-1133

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:37:43.651700+00:00	GitLab Importer	Fixing	VCID-fegs-ubsk-63hu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1135.yml	38.6.0
2026-06-02T04:37:43.504815+00:00	GitLab Importer	Fixing	VCID-g8ct-c4ce-zuaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1136.yml	38.6.0
2026-06-02T04:37:43.354240+00:00	GitLab Importer	Fixing	VCID-ckg1-9vpt-yfdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1134.yml	38.6.0
2026-06-02T04:37:43.200498+00:00	GitLab Importer	Fixing	VCID-p2gd-7uam-mqf8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1133.yml	38.6.0
2026-06-02T04:37:43.060360+00:00	GitLab Importer	Fixing	VCID-b7br-bh2d-rygp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-1137.yml	38.6.0