Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-b6nc-pmkm-3ua1
Summary
Moodle Authentication Bypass in File Upload
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.
Aliases
0
alias CVE-2012-3387
1
alias GHSA-w66h-c2vj-cm7f
Fixed_packages
Affected_packages
0
url pkg:composer/moodle/moodle@2.3.0
purl pkg:composer/moodle/moodle@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2e9f-d7rx-kqah
1
vulnerability VCID-36w8-8p24-n3bb
2
vulnerability VCID-3fdn-sk73-zqe2
3
vulnerability VCID-6spt-ggnj-zber
4
vulnerability VCID-9tcy-uad5-hyb8
5
vulnerability VCID-akut-458d-6bee
6
vulnerability VCID-b6nc-pmkm-3ua1
7
vulnerability VCID-bgbv-4kb1-3bhg
8
vulnerability VCID-bkcw-p2su-pkde
9
vulnerability VCID-era2-gy4n-6kdx
10
vulnerability VCID-f6mk-8r56-1yfe
11
vulnerability VCID-hxhr-sxkm-nka6
12
vulnerability VCID-j9xy-97ps-7fht
13
vulnerability VCID-kjwa-ezsm-pbg7
14
vulnerability VCID-mp12-mrm4-rbby
15
vulnerability VCID-qjdf-s39r-5bdb
16
vulnerability VCID-u1b3-2tg8-kfhv
17
vulnerability VCID-uhws-64fm-hybk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948
1
reference_url http://openwall.com/lists/oss-security/2012/07/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2012/07/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3387
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41624
published_at 2026-05-14T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41746
published_at 2026-04-26T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41667
published_at 2026-04-29T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.41525
published_at 2026-05-05T12:55:00Z
4
value 0.00198
scoring_system epss
scoring_elements 0.41595
published_at 2026-05-07T12:55:00Z
5
value 0.00198
scoring_system epss
scoring_elements 0.41611
published_at 2026-05-09T12:55:00Z
6
value 0.00198
scoring_system epss
scoring_elements 0.41521
published_at 2026-05-11T12:55:00Z
7
value 0.00198
scoring_system epss
scoring_elements 0.41548
published_at 2026-05-12T12:55:00Z
8
value 0.00198
scoring_system epss
scoring_elements 0.41809
published_at 2026-04-01T12:55:00Z
9
value 0.00198
scoring_system epss
scoring_elements 0.41874
published_at 2026-04-02T12:55:00Z
10
value 0.00198
scoring_system epss
scoring_elements 0.41902
published_at 2026-04-04T12:55:00Z
11
value 0.00198
scoring_system epss
scoring_elements 0.4183
published_at 2026-04-07T12:55:00Z
12
value 0.00198
scoring_system epss
scoring_elements 0.4188
published_at 2026-04-08T12:55:00Z
13
value 0.00198
scoring_system epss
scoring_elements 0.4189
published_at 2026-04-18T12:55:00Z
14
value 0.00198
scoring_system epss
scoring_elements 0.41914
published_at 2026-04-11T12:55:00Z
15
value 0.00198
scoring_system epss
scoring_elements 0.41879
published_at 2026-04-12T12:55:00Z
16
value 0.00198
scoring_system epss
scoring_elements 0.41867
published_at 2026-04-13T12:55:00Z
17
value 0.00198
scoring_system epss
scoring_elements 0.41917
published_at 2026-04-16T12:55:00Z
18
value 0.00198
scoring_system epss
scoring_elements 0.41819
published_at 2026-04-21T12:55:00Z
19
value 0.00198
scoring_system epss
scoring_elements 0.41745
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3387
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/76954
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/76954
4
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
5
reference_url https://github.com/moodle/moodle/commit/3b6629c088f14c6ee8f13a009ff27441d164f334
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/3b6629c088f14c6ee8f13a009ff27441d164f334
6
reference_url https://github.com/moodle/moodle/commit/61a339e59857fd36080f4a468a16cd6a539d90bb
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/61a339e59857fd36080f4a468a16cd6a539d90bb
7
reference_url https://web.archive.org/web/20121104220059/http://www.securityfocus.com/bid/54481
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121104220059/http://www.securityfocus.com/bid/54481
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3387
reference_id CVE-2012-3387
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3387
9
reference_url https://github.com/advisories/GHSA-w66h-c2vj-cm7f
reference_id GHSA-w66h-c2vj-cm7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w66h-c2vj-cm7f
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 264
name Permissions, Privileges, and Access Controls
description Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6nc-pmkm-3ua1