Search for vulnerabilities
Vulnerability details: VCID-65d2-5f6c-6yev
Vulnerability ID VCID-65d2-5f6c-6yev
Aliases CVE-2015-2267
GHSA-cm4r-58pj-h2ph
Summary Moodle allows attackers to extract archives to arbitrary directories mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-284 Improper Access Control
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087
generic_textual MODERATE http://openwall.com/lists/oss-security/2015/03/16/1
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2015-2267
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2015-2267
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-cm4r-58pj-h2ph
generic_textual MODERATE https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle/commit/12a8fcb5e45c58ee8267ad0472852c2b80a19878
generic_textual MODERATE https://github.com/moodle/moodle/commit/240e7be7341afa31096fdbf3f242a7966f6237ab
generic_textual MODERATE https://github.com/moodle/moodle/commit/4475f1e478370fb97933127ec60e40f39e285da1
generic_textual MODERATE https://github.com/moodle/moodle/commit/76da7e9bc88669eab62f83f04639ba356a0b0c5a
generic_textual MODERATE https://github.com/moodle/moodle/commit/83866c3c2a5b1391317172eea0b4f017c6d142d2
generic_textual MODERATE https://github.com/moodle/moodle/commit/84f9f60b67e1e20058fbe2afa473607d075aff63
generic_textual MODERATE https://github.com/moodle/moodle/commit/8d9bdd28e049ca6b6b2a4ab8f142097c2f907df6
generic_textual MODERATE https://github.com/moodle/moodle/commit/a47aabc7833d0c88a83791d99a1204742c33f59b
generic_textual MODERATE https://github.com/moodle/moodle/commit/c353a6202658f320096a41e94494063393153b7f
generic_textual MODERATE https://github.com/moodle/moodle/commit/de169b7944e36d374d55e3f396d90ab2b4303afb
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=307381
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2015-2267
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087
http://openwall.com/lists/oss-security/2015/03/16/1
https://api.first.org/data/v1/epss?cve=CVE-2015-2267
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/12a8fcb5e45c58ee8267ad0472852c2b80a19878
https://github.com/moodle/moodle/commit/240e7be7341afa31096fdbf3f242a7966f6237ab
https://github.com/moodle/moodle/commit/4475f1e478370fb97933127ec60e40f39e285da1
https://github.com/moodle/moodle/commit/76da7e9bc88669eab62f83f04639ba356a0b0c5a
https://github.com/moodle/moodle/commit/83866c3c2a5b1391317172eea0b4f017c6d142d2
https://github.com/moodle/moodle/commit/84f9f60b67e1e20058fbe2afa473607d075aff63
https://github.com/moodle/moodle/commit/8d9bdd28e049ca6b6b2a4ab8f142097c2f907df6
https://github.com/moodle/moodle/commit/a47aabc7833d0c88a83791d99a1204742c33f59b
https://github.com/moodle/moodle/commit/c353a6202658f320096a41e94494063393153b7f
https://github.com/moodle/moodle/commit/de169b7944e36d374d55e3f396d90ab2b4303afb
https://moodle.org/mod/forum/discuss.php?d=307381
https://nvd.nist.gov/vuln/detail/CVE-2015-2267
GHSA-cm4r-58pj-h2ph https://github.com/advisories/GHSA-cm4r-58pj-h2ph
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.4135
EPSS Score 0.0019
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:26:15.120175+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cm4r-58pj-h2ph/GHSA-cm4r-58pj-h2ph.json 36.1.3