VulnerableCode Package Details - pkg:composer/moodle/moodle@5.0.3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2h6c-6mgm-akc2	Moodle vulnerable to brute-force password guesses Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.	CVE-2025-62399 GHSA-m58f-9pvv-8mp2
VCID-7z2w-xpn7-gbhm	Moodle does not properly enforce MFA A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.	CVE-2025-62398 GHSA-25wf-7x6c-wmpf
VCID-a6w6-penj-kuds	Moodle has a time restriction bypass An issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.	CVE-2025-62401 GHSA-w29j-8phw-ffjf
VCID-cghw-xbkf-juh9	Moodle course access permissions are not properly checked in course_output_fragment_course_overview A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.	CVE-2025-62393 GHSA-rjcm-7v2p-9265
VCID-de7j-3de2-s3ee	Moodle's error handling leads to sensitive information disclosure An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.	CVE-2025-62396 GHSA-c5cj-xp43-qcc3
VCID-fcf4-tf5h-hfcr	Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.	CVE-2025-62400 GHSA-422v-w6c5-vq42
VCID-ysax-7hvs-mkct	Moodle sends quiz-related messages to inactive/suspended users Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.	CVE-2025-62394 GHSA-8fcv-4qp9-pg32

Vulnerability

Summary

Aliases

VCID-2h6c-6mgm-akc2

Moodle vulnerable to brute-force password guesses Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.

CVE-2025-62399
GHSA-m58f-9pvv-8mp2

VCID-7z2w-xpn7-gbhm

Moodle does not properly enforce MFA A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.

CVE-2025-62398
GHSA-25wf-7x6c-wmpf

VCID-a6w6-penj-kuds

Moodle has a time restriction bypass An issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.

CVE-2025-62401
GHSA-w29j-8phw-ffjf

VCID-cghw-xbkf-juh9

Moodle course access permissions are not properly checked in course_output_fragment_course_overview A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.

CVE-2025-62393
GHSA-rjcm-7v2p-9265

VCID-de7j-3de2-s3ee

Moodle's error handling leads to sensitive information disclosure An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.

CVE-2025-62396
GHSA-c5cj-xp43-qcc3

VCID-fcf4-tf5h-hfcr

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.

CVE-2025-62400
GHSA-422v-w6c5-vq42

VCID-ysax-7hvs-mkct

Moodle sends quiz-related messages to inactive/suspended users Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.

CVE-2025-62394
GHSA-8fcv-4qp9-pg32

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T10:59:05.048998+00:00	GithubOSV Importer	Fixing	VCID-a6w6-penj-kuds	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-w29j-8phw-ffjf/GHSA-w29j-8phw-ffjf.json	38.6.0
2026-05-31T10:59:02.532626+00:00	GithubOSV Importer	Fixing	VCID-de7j-3de2-s3ee	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-c5cj-xp43-qcc3/GHSA-c5cj-xp43-qcc3.json	38.6.0
2026-05-31T10:58:56.230243+00:00	GithubOSV Importer	Fixing	VCID-7z2w-xpn7-gbhm	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-25wf-7x6c-wmpf/GHSA-25wf-7x6c-wmpf.json	38.6.0
2026-05-31T10:58:54.024774+00:00	GithubOSV Importer	Fixing	VCID-fcf4-tf5h-hfcr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-422v-w6c5-vq42/GHSA-422v-w6c5-vq42.json	38.6.0
2026-05-31T10:58:49.931529+00:00	GithubOSV Importer	Fixing	VCID-cghw-xbkf-juh9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-rjcm-7v2p-9265/GHSA-rjcm-7v2p-9265.json	38.6.0
2026-05-31T10:58:47.718713+00:00	GithubOSV Importer	Fixing	VCID-ysax-7hvs-mkct	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-8fcv-4qp9-pg32/GHSA-8fcv-4qp9-pg32.json	38.6.0
2026-05-31T10:58:44.750989+00:00	GithubOSV Importer	Fixing	VCID-2h6c-6mgm-akc2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-m58f-9pvv-8mp2/GHSA-m58f-9pvv-8mp2.json	38.6.0
2026-05-31T01:05:43.268234+00:00	GHSA Importer	Fixing	VCID-7z2w-xpn7-gbhm	https://github.com/advisories/GHSA-25wf-7x6c-wmpf	38.6.0
2026-05-31T01:05:43.058595+00:00	GHSA Importer	Fixing	VCID-a6w6-penj-kuds	https://github.com/advisories/GHSA-w29j-8phw-ffjf	38.6.0
2026-05-31T01:05:42.774104+00:00	GHSA Importer	Fixing	VCID-2h6c-6mgm-akc2	https://github.com/advisories/GHSA-m58f-9pvv-8mp2	38.6.0
2026-05-31T01:05:42.724783+00:00	GHSA Importer	Fixing	VCID-de7j-3de2-s3ee	https://github.com/advisories/GHSA-c5cj-xp43-qcc3	38.6.0
2026-05-31T01:05:42.679493+00:00	GHSA Importer	Fixing	VCID-fcf4-tf5h-hfcr	https://github.com/advisories/GHSA-422v-w6c5-vq42	38.6.0
2026-05-31T01:05:42.606613+00:00	GHSA Importer	Fixing	VCID-ysax-7hvs-mkct	https://github.com/advisories/GHSA-8fcv-4qp9-pg32	38.6.0
2026-05-31T01:05:42.565676+00:00	GHSA Importer	Fixing	VCID-cghw-xbkf-juh9	https://github.com/advisories/GHSA-rjcm-7v2p-9265	38.6.0
2026-05-30T21:04:32.126740+00:00	GitLab Importer	Fixing	VCID-a6w6-penj-kuds	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2025-62401.yml	38.6.0
2026-05-30T21:04:32.023331+00:00	GitLab Importer	Fixing	VCID-fcf4-tf5h-hfcr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2025-62400.yml	38.6.0
2026-05-30T21:04:31.856537+00:00	GitLab Importer	Fixing	VCID-7z2w-xpn7-gbhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2025-62398.yml	38.6.0
2026-05-30T21:04:31.767630+00:00	GitLab Importer	Fixing	VCID-ysax-7hvs-mkct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2025-62394.yml	38.6.0
2026-05-30T21:04:31.700710+00:00	GitLab Importer	Fixing	VCID-de7j-3de2-s3ee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2025-62396.yml	38.6.0
2026-05-30T21:04:31.469384+00:00	GitLab Importer	Fixing	VCID-2h6c-6mgm-akc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2025-62399.yml	38.6.0
2026-05-30T21:04:31.305435+00:00	GitLab Importer	Fixing	VCID-cghw-xbkf-juh9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2025-62393.yml	38.6.0