VulnerableCode Package Details - pkg:composer/moodle/moodle@1.8.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-2ez9-qhs4-rfgc Aliases: CVE-2010-1618 GHSA-45ch-hxgr-vx8j	phpCAS client library and Moodle Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.	1.8.12 Affected by 0 other vulnerabilities. 1.9.8 Affected by 0 other vulnerabilities.
VCID-3eq5-fe6b-zbbd Aliases: CVE-2010-1616 GHSA-966m-m549-2878	Moodle is vulnerable to unauthorized new accounts creation Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.	1.8.12 Affected by 0 other vulnerabilities. 1.9.8 Affected by 0 other vulnerabilities.
VCID-am7n-yk56-5qcq Aliases: CVE-2010-1613 GHSA-j5rc-cr5w-vfg6	Moodle Session Fixation vulnerability Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.	1.9.8 Affected by 0 other vulnerabilities.
VCID-k7c7-e45x-3yg4 Aliases: CVE-2010-1619 GHSA-hhxf-w8hj-43w6	Moodle vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.	1.8.12 Affected by 0 other vulnerabilities. 1.9.8 Affected by 0 other vulnerabilities.
VCID-m5as-6axp-b3g5 Aliases: CVE-2010-1617 GHSA-q53j-c866-h9mw	Moodle doesn't properly check role user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.	1.8.12 Affected by 0 other vulnerabilities. 1.9.8 Affected by 0 other vulnerabilities.
VCID-tzjp-f9vc-nqe3 Aliases: CVE-2010-1614 GHSA-5fgv-cvr8-xg48	Moodle vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.	1.8.12 Affected by 0 other vulnerabilities. 1.9.8 Affected by 0 other vulnerabilities.
VCID-veb6-9f8w-jbd4 Aliases: CVE-2008-5153 GHSA-x7r4-26m9-hmgq		1.8.8 Affected by 0 other vulnerabilities. 1.9.4 Affected by 0 other vulnerabilities.
VCID-x1xw-7ked-hfgf Aliases: CVE-2010-1615 GHSA-9xp2-5fr9-7mwm	Moodle vulnerable to SQL injection Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.	1.8.12 Affected by 0 other vulnerabilities. 1.9.8 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2ez9-qhs4-rfgc
Aliases:
CVE-2010-1618
GHSA-45ch-hxgr-vx8j

phpCAS client library and Moodle Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

1.8.12
Affected by 0 other vulnerabilities.

1.9.8
Affected by 0 other vulnerabilities.

VCID-3eq5-fe6b-zbbd
Aliases:
CVE-2010-1616
GHSA-966m-m549-2878

Moodle is vulnerable to unauthorized new accounts creation Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

1.8.12
Affected by 0 other vulnerabilities.

1.9.8
Affected by 0 other vulnerabilities.

VCID-am7n-yk56-5qcq
Aliases:
CVE-2010-1613
GHSA-j5rc-cr5w-vfg6

Moodle Session Fixation vulnerability Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

1.9.8
Affected by 0 other vulnerabilities.

VCID-k7c7-e45x-3yg4
Aliases:
CVE-2010-1619
GHSA-hhxf-w8hj-43w6

Moodle vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.

1.8.12
Affected by 0 other vulnerabilities.

1.9.8
Affected by 0 other vulnerabilities.

VCID-m5as-6axp-b3g5
Aliases:
CVE-2010-1617
GHSA-q53j-c866-h9mw

Moodle doesn't properly check role user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

1.8.12
Affected by 0 other vulnerabilities.

1.9.8
Affected by 0 other vulnerabilities.

VCID-tzjp-f9vc-nqe3
Aliases:
CVE-2010-1614
GHSA-5fgv-cvr8-xg48

Moodle vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.

1.8.12
Affected by 0 other vulnerabilities.

1.9.8
Affected by 0 other vulnerabilities.

VCID-veb6-9f8w-jbd4
Aliases:
CVE-2008-5153
GHSA-x7r4-26m9-hmgq

1.8.8
Affected by 0 other vulnerabilities.

1.9.4
Affected by 0 other vulnerabilities.

VCID-x1xw-7ked-hfgf
Aliases:
CVE-2010-1615
GHSA-9xp2-5fr9-7mwm

Moodle vulnerable to SQL injection Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.

1.8.12
Affected by 0 other vulnerabilities.

1.9.8
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-05T18:42:10.921292+00:00	GHSA Importer	Affected by	VCID-veb6-9f8w-jbd4	https://github.com/advisories/GHSA-x7r4-26m9-hmgq	37.0.0
2025-07-04T13:55:11.237856+00:00	GitLab Importer	Affected by	VCID-veb6-9f8w-jbd4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2008-5153.yml	37.0.0
2025-07-01T18:13:28.220265+00:00	GitLab Importer	Affected by	VCID-tzjp-f9vc-nqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2010-1614.yml	36.1.3
2025-07-01T18:13:22.792041+00:00	GitLab Importer	Affected by	VCID-x1xw-7ked-hfgf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2010-1615.yml	36.1.3
2025-07-01T18:13:21.143654+00:00	GitLab Importer	Affected by	VCID-am7n-yk56-5qcq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2010-1613.yml	36.1.3
2025-07-01T18:13:19.143461+00:00	GitLab Importer	Affected by	VCID-2ez9-qhs4-rfgc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2010-1618.yml	36.1.3
2025-07-01T18:13:17.510475+00:00	GitLab Importer	Affected by	VCID-m5as-6axp-b3g5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2010-1617.yml	36.1.3
2025-07-01T18:13:14.915387+00:00	GitLab Importer	Affected by	VCID-3eq5-fe6b-zbbd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2010-1616.yml	36.1.3
2025-07-01T18:13:13.920108+00:00	GitLab Importer	Affected by	VCID-k7c7-e45x-3yg4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2010-1619.yml	36.1.3
2025-07-01T14:32:17.134492+00:00	GHSA Importer	Affected by	VCID-x1xw-7ked-hfgf	https://github.com/advisories/GHSA-9xp2-5fr9-7mwm	36.1.3
2025-07-01T14:32:17.009633+00:00	GHSA Importer	Affected by	VCID-2ez9-qhs4-rfgc	https://github.com/advisories/GHSA-45ch-hxgr-vx8j	36.1.3
2025-07-01T14:32:16.925137+00:00	GHSA Importer	Affected by	VCID-k7c7-e45x-3yg4	https://github.com/advisories/GHSA-hhxf-w8hj-43w6	36.1.3
2025-07-01T14:32:16.906631+00:00	GHSA Importer	Affected by	VCID-am7n-yk56-5qcq	https://github.com/advisories/GHSA-j5rc-cr5w-vfg6	36.1.3
2025-07-01T14:32:16.889706+00:00	GHSA Importer	Affected by	VCID-tzjp-f9vc-nqe3	https://github.com/advisories/GHSA-5fgv-cvr8-xg48	36.1.3
2025-07-01T14:32:16.832334+00:00	GHSA Importer	Affected by	VCID-m5as-6axp-b3g5	https://github.com/advisories/GHSA-q53j-c866-h9mw	36.1.3
2025-07-01T14:32:16.810855+00:00	GHSA Importer	Affected by	VCID-3eq5-fe6b-zbbd	https://github.com/advisories/GHSA-966m-m549-2878	36.1.3