Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-5c29-qn3p-3yde
Vulnerability ID VCID-5c29-qn3p-3yde
Aliases CVE-2014-7846
GHSA-468q-9cmp-76wc
Summary Moodle does not consider the moodle/tag:edit capability before adding a tag tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965
http://openwall.com/lists/oss-security/2014/11/17/11
https://github.com/moodle/moodle/commit/1d9e0857f8bd9f21d25886f77cc13120f9d6be08
https://github.com/moodle/moodle/commit/932694ca59413ce8a0546b8bfb97e07e3b4cf17b
https://github.com/moodle/moodle/commit/bb69623c5c0754467f01f916f94446e1caddb6a8
https://moodle.org/mod/forum/discuss.php?d=275157
https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
CVE-2014-7846 https://nvd.nist.gov/vuln/detail/CVE-2014-7846
GHSA-468q-9cmp-76wc https://github.com/advisories/GHSA-468q-9cmp-76wc
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:37.355550+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-7846.yml 38.6.0