VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-3zm6-1wuw-mqcu

Essentials
Severities (27)
References (14)
Severity details (25)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-3zm6-1wuw-mqcu
Aliases	CVE-2015-5342 GHSA-6xpm-q8x9-j3rw
Summary	Moodle allows attackers to bypass intended access restrictions The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	4.3	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2015-5342
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2015-5342
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-6xpm-q8x9-j3rw
cvssv3.1	4.3	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/6283c33979001b035f9fc565b869296f66a61c4e
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/6283c33979001b035f9fc565b869296f66a61c4e
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514
cvssv3.1	4.3	https://moodle.org/mod/forum/discuss.php?d=323237
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=323237
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2015-5342
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-5342

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569
		https://api.first.org/data/v1/epss?cve=CVE-2015-5342
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b
		https://github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f
		https://github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214
		https://github.com/moodle/moodle/commit/6283c33979001b035f9fc565b869296f66a61c4e
		https://github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a
		https://github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece
		https://github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d
		https://github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514
		https://moodle.org/mod/forum/discuss.php?d=323237
		https://nvd.nist.gov/vuln/detail/CVE-2015-5342
GHSA-6xpm-q8x9-j3rw		https://github.com/advisories/GHSA-6xpm-q8x9-j3rw

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/6283c33979001b035f9fc565b869296f66a61c4e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=323237

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5342

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.38081
EPSS Score	0.00163
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:28:28.315971+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6xpm-q8x9-j3rw/GHSA-6xpm-q8x9-j3rw.json	36.1.3