VulnerableCode Package Details - pkg:composer/moodle/moodle@4.1.4

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4bfr-preb-afas	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.	CVE-2023-35131 GHSA-fwfj-8p36-rc64
VCID-4k5r-agwn-ruea	Server-Side Request Forgery (SSRF) An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.	CVE-2023-35133 GHSA-xxp4-mf4h-6cwm
VCID-jc4y-cpn8-6kgs	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.	CVE-2023-35132 GHSA-49mv-vfcp-8gg9

Vulnerability

Summary

Aliases

VCID-4bfr-preb-afas

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

CVE-2023-35131
GHSA-fwfj-8p36-rc64

VCID-4k5r-agwn-ruea

Server-Side Request Forgery (SSRF) An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

CVE-2023-35133
GHSA-xxp4-mf4h-6cwm

VCID-jc4y-cpn8-6kgs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

CVE-2023-35132
GHSA-49mv-vfcp-8gg9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T11:08:26.413406+00:00	GithubOSV Importer	Fixing	VCID-jc4y-cpn8-6kgs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-49mv-vfcp-8gg9/GHSA-49mv-vfcp-8gg9.json	38.6.0
2026-05-31T11:08:19.472080+00:00	GithubOSV Importer	Fixing	VCID-4k5r-agwn-ruea	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-xxp4-mf4h-6cwm/GHSA-xxp4-mf4h-6cwm.json	38.6.0
2026-05-31T11:08:07.963105+00:00	GithubOSV Importer	Fixing	VCID-4bfr-preb-afas	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-fwfj-8p36-rc64/GHSA-fwfj-8p36-rc64.json	38.6.0
2026-05-30T21:01:03.154294+00:00	GitLab Importer	Fixing	VCID-4bfr-preb-afas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-35131.yml	38.6.0
2026-05-30T21:01:02.207701+00:00	GitLab Importer	Fixing	VCID-4k5r-agwn-ruea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-35133.yml	38.6.0
2026-05-30T21:01:01.455794+00:00	GitLab Importer	Fixing	VCID-jc4y-cpn8-6kgs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-35132.yml	38.6.0