Package details: pkg:composer/moodle/moodle@4.0.7
purl pkg:composer/moodle/moodle@4.0.7
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (8)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2z6d-qf96-kyb4 | Moodle may allow authenticated users to enumerate other user's names via learning plans page: Authenticated users were able to enumerate other users' names via the learning plans page. | CVE-2023-28334, GHSA-hh52-g5c4-wprh |
| VCID-3ept-fdps-5fe5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | CVE-2023-28331, GHSA-77jm-f3vj-xvx2 |
| VCID-5bfe-hk7m-7bh6 | Moodle may allow teachers to access the names of users they could not otherwise access: Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | CVE-2023-28336, GHSA-prjm-2fj2-787f |
| VCID-5q1e-b4e8-jbc8 | Moodle SQL Injection vulnerability: Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | CVE-2023-28329, GHSA-72w2-j52c-7682 |
| VCID-b994-r5mw-3fbg | Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input: The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: this does not appear to be implemented/exploitable anywhere in the core Moodle LMS). | CVE-2023-28333, GHSA-q2x3-2f9g-h559 |
| VCID-cbzx-gnhr-pfap | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk. | CVE-2023-28332, GHSA-9f45-9qrw-pp4v |
| VCID-dvrf-62nt-2kdp | Moodle may display roles to users who don't have access to them: The course participation report required additional checks to prevent roles being displayed which the user does not have access to view. | CVE-2023-1402, GHSA-vj5p-fp42-774p |
| VCID-yxag-fghx-47ej | Moodle arbitrary file read vulnerability: Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default. | CVE-2023-28330, GHSA-56r9-72vx-q989 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:44:18.644073+00:00 | GitLab Importer | Fixing | VCID-dvrf-62nt-2kdp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-1402.yml | 38.6.0 |
| 2026-06-02T04:44:18.447868+00:00 | GitLab Importer | Fixing | VCID-2z6d-qf96-kyb4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28334.yml | 38.6.0 |
| 2026-06-02T04:44:18.131165+00:00 | GitLab Importer | Fixing | VCID-5bfe-hk7m-7bh6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28336.yml | 38.6.0 |
| 2026-06-02T04:44:18.023914+00:00 | GitLab Importer | Fixing | VCID-b994-r5mw-3fbg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28333.yml | 38.6.0 |
| 2026-06-02T04:44:17.909900+00:00 | GitLab Importer | Fixing | VCID-cbzx-gnhr-pfap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28332.yml | 38.6.0 |
| 2026-06-02T04:44:17.770095+00:00 | GitLab Importer | Fixing | VCID-5q1e-b4e8-jbc8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28329.yml | 38.6.0 |
| 2026-06-02T04:44:17.623948+00:00 | GitLab Importer | Fixing | VCID-3ept-fdps-5fe5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28331.yml | 38.6.0 |
| 2026-06-02T04:44:17.527701+00:00 | GitLab Importer | Fixing | VCID-yxag-fghx-47ej | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-28330.yml | 38.6.0 |