VulnerableCode Vulnerability Details - VCID-a72f-ck6z-cfc1

Search for vulnerabilities

Vulnerability details: VCID-a72f-ck6z-cfc1

Essentials
Severities (13)
References (12)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-a72f-ck6z-cfc1
Aliases	CVE-2014-7832 GHSA-mphj-h2fc-62x3
Summary	Moodle allows attackers to bypass the mod/lti:view capability requirement mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/11/17/11
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2014-7832
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2014-7832
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-mphj-h2fc-62x3
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/263f78b8b804fe7dbcd6ffadcadad2c94a0093f7
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/8e34d8e85b971a01459797799c0696cfeaae9cc0
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/c844af2569e972195db8bca683c1fdf2ddbc3a59
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/fe8430e0dc2a50ea8e03d709e95d1226631d0d52
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=275154
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-7832
generic_textual	MODERATE	https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921
		http://openwall.com/lists/oss-security/2014/11/17/11
		https://api.first.org/data/v1/epss?cve=CVE-2014-7832
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/263f78b8b804fe7dbcd6ffadcadad2c94a0093f7
		https://github.com/moodle/moodle/commit/8e34d8e85b971a01459797799c0696cfeaae9cc0
		https://github.com/moodle/moodle/commit/c844af2569e972195db8bca683c1fdf2ddbc3a59
		https://github.com/moodle/moodle/commit/fe8430e0dc2a50ea8e03d709e95d1226631d0d52
		https://moodle.org/mod/forum/discuss.php?d=275154
		https://nvd.nist.gov/vuln/detail/CVE-2014-7832
		https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
GHSA-mphj-h2fc-62x3		https://github.com/advisories/GHSA-mphj-h2fc-62x3

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.47496
EPSS Score	0.00243
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:29:38.644794+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mphj-h2fc-62x3/GHSA-mphj-h2fc-62x3.json	36.1.3