Vulnerability details: VCID-5tcn-qsre-bbh4
Vulnerability ID: VCID-5tcn-qsre-bbh4
Aliases: CVE-2015-3272, GHSA-2hw2-h3mf-c2j9
Summary: Moodle open redirect vulnerability. Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.
Status: Published
Exploitability: 0.5
Weighted Severity: 8.0
Risk: 4.0
Weaknesses (2)
| System | Score | Found at |
| --- | --- | --- |
| cvssv3.1 | 7.4 | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688 |
| generic_textual | HIGH | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688 |
| cvssv3.1 | 7.4 | http://openwall.com/lists/oss-security/2015/07/13/2 |
| generic_textual | HIGH | http://openwall.com/lists/oss-security/2015/07/13/2 |
| epss | 0.00347 | https://api.first.org/data/v1/epss?cve=CVE-2015-3272 |
| cvssv3.1_qr | HIGH | https://github.com/advisories/GHSA-2hw2-h3mf-c2j9 |
| cvssv3.1 | 7.4 | https://github.com/moodle/moodle |
| generic_textual | HIGH | https://github.com/moodle/moodle |
| cvssv3.1 | 7.4 | https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2 |
| generic_textual | HIGH | https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2 |
| cvssv3.1 | 7.4 | https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5 |
| generic_textual | HIGH | https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5 |
| cvssv3.1 | 7.4 | https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f |
| generic_textual | HIGH | https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f |
| cvssv3.1 | 7.4 | https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174 |
| generic_textual | HIGH | https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174 |
| cvssv3.1 | 7.4 | https://moodle.org/mod/forum/discuss.php?d=316662 |
| generic_textual | HIGH | https://moodle.org/mod/forum/discuss.php?d=316662 |
| cvssv3.1 | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2015-3272 |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2015-3272 |
| cvssv3.1 | 7.4 | https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877 |
| generic_textual | HIGH | https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877 |
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at http://openwall.com/lists/oss-security/2015/07/13/2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://github.com/moodle/moodle
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://moodle.org/mod/forum/discuss.php?d=316662
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-3272
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N Found at https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
Exploit Prediction Scoring System (EPSS)
Percentile 0.56564
EPSS Score 0.00347
Published At June 30, 2025, 12:55 p.m.
| Date | Actor | Action | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- |
| 2025-07-01T12:26:40.524173+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2hw2-h3mf-c2j9/GHSA-2hw2-h3mf-c2j9.json | 36.1.3 |