Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-37j1-ym2f-1fbc
Vulnerability ID VCID-37j1-ym2f-1fbc
Aliases CVE-2015-3272
GHSA-2hw2-h3mf-c2j9
Summary Moodle open redirect vulnerability Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
http://openwall.com/lists/oss-security/2015/07/13/2
https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2
https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5
https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f
https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174
https://moodle.org/mod/forum/discuss.php?d=316662
https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
CVE-2015-3272 https://nvd.nist.gov/vuln/detail/CVE-2015-3272
GHSA-2hw2-h3mf-c2j9 https://github.com/advisories/GHSA-2hw2-h3mf-c2j9
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:46.289085+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3272.yml 38.6.0