VulnerableCode Vulnerability Details - VCID-4ru6-dsde-fye6

Search for vulnerabilities

Vulnerability details: VCID-4ru6-dsde-fye6

Essentials
Severities (12)
References (11)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4ru6-dsde-fye6
Aliases	CVE-2015-2270 GHSA-fp4h-j22r-vwcv
Summary	Moodle allows attackers to obtain sensitive course information lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-17	DEPRECATED: Code
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2015/03/16/1
epss	0.00283	https://api.first.org/data/v1/epss?cve=CVE-2015-2270
epss	0.00283	https://api.first.org/data/v1/epss?cve=CVE-2015-2270
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-fp4h-j22r-vwcv
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/1edd3d6fbfcc7ac757579a7953f03e3401c0c32d
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/4ab4ec652cb7768a058eca7f69362e76d9ee0c62
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/5f0bfb120f4a769518a77eff06fedc67c6040494
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/cd060b5fe2b5d90ff87d3b345e5f802ef143f883
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=307384
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-2270

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804
		http://openwall.com/lists/oss-security/2015/03/16/1
		https://api.first.org/data/v1/epss?cve=CVE-2015-2270
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/1edd3d6fbfcc7ac757579a7953f03e3401c0c32d
		https://github.com/moodle/moodle/commit/4ab4ec652cb7768a058eca7f69362e76d9ee0c62
		https://github.com/moodle/moodle/commit/5f0bfb120f4a769518a77eff06fedc67c6040494
		https://github.com/moodle/moodle/commit/cd060b5fe2b5d90ff87d3b345e5f802ef143f883
		https://moodle.org/mod/forum/discuss.php?d=307384
		https://nvd.nist.gov/vuln/detail/CVE-2015-2270
GHSA-fp4h-j22r-vwcv		https://github.com/advisories/GHSA-fp4h-j22r-vwcv

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.51283
EPSS Score	0.00283
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:29:58.289544+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fp4h-j22r-vwcv/GHSA-fp4h-j22r-vwcv.json	36.1.3