Search for vulnerabilities
Vulnerability details: VCID-6udp-mhxb-ufat
Vulnerability ID VCID-6udp-mhxb-ufat
Aliases CVE-2014-3541
GHSA-fccf-p8fx-vjj4
Summary Moodle vulnerable to PHP object injection attacks The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual HIGH http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
generic_textual HIGH http://openwall.com/lists/oss-security/2014/07/21/1
epss 0.01935 https://api.first.org/data/v1/epss?cve=CVE-2014-3541
epss 0.01935 https://api.first.org/data/v1/epss?cve=CVE-2014-3541
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-fccf-p8fx-vjj4
generic_textual HIGH https://github.com/moodle/moodle
generic_textual HIGH https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d
generic_textual HIGH https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894
generic_textual HIGH https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c
generic_textual HIGH https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2
generic_textual HIGH https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844
generic_textual HIGH https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc
generic_textual HIGH https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42
generic_textual HIGH https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91
generic_textual HIGH https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33
generic_textual HIGH https://moodle.org/mod/forum/discuss.php?d=264262
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2014-3541
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
http://openwall.com/lists/oss-security/2014/07/21/1
https://api.first.org/data/v1/epss?cve=CVE-2014-3541
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d
https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894
https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c
https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2
https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844
https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc
https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42
https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91
https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33
https://moodle.org/mod/forum/discuss.php?d=264262
https://nvd.nist.gov/vuln/detail/CVE-2014-3541
GHSA-fccf-p8fx-vjj4 https://github.com/advisories/GHSA-fccf-p8fx-vjj4
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.82538
EPSS Score 0.01935
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:40.754018+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fccf-p8fx-vjj4/GHSA-fccf-p8fx-vjj4.json 36.1.3