VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-b23r-f9nu-b7dy

Essentials
Severities (23)
References (12)
Severity details (21)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-b23r-f9nu-b7dy
Aliases	CVE-2015-5265 GHSA-44xp-wj24-9xxj
Summary	Moodle allows attackers to delete files The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	4.3	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2015-5265
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2015-5265
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-44xp-wj24-9xxj
cvssv3.1	4.3	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1
cvssv3.1	4.3	https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d
cvssv3.1	4.3	https://moodle.org/mod/forum/discuss.php?d=320289
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=320289
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2015-5265
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-5265
cvssv3.1	4.3	https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
generic_textual	MODERATE	https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
cvssv3.1	4.3	http://www.openwall.com/lists/oss-security/2015/09/21/1
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2015/09/21/1

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371
		https://api.first.org/data/v1/epss?cve=CVE-2015-5265
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585
		https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea
		https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1
		https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d
		https://moodle.org/mod/forum/discuss.php?d=320289
		https://nvd.nist.gov/vuln/detail/CVE-2015-5265
		https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
		http://www.openwall.com/lists/oss-security/2015/09/21/1
GHSA-44xp-wj24-9xxj		https://github.com/advisories/GHSA-44xp-wj24-9xxj

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=320289

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5265

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2015/09/21/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.53157
EPSS Score	0.00304
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:11.966979+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-44xp-wj24-9xxj/GHSA-44xp-wj24-9xxj.json	36.1.3