Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-b9ej-hx7z-1bb8
Vulnerability ID VCID-b9ej-hx7z-1bb8
Aliases CVE-2015-5340
GHSA-mmvj-j7hq-rx85
Summary Moodle sensitive information disclosure Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) `badges/overview.php` or (2) `badges/view.php`.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/47d5c29202e299fdbe54229d3f6b0c381835eae3
https://github.com/moodle/moodle/commit/65734f149f3c7e6cce9402f51f9a97deb31170db
https://github.com/moodle/moodle/commit/7cff64fdbfff749e779cb625fbddcce737355100
https://github.com/moodle/moodle/commit/d41fa94a69bebeca69a4cd5332bb9569cfd87b99
https://github.com/moodle/moodle/commit/d70f610615242c5c7b3ae0bf7ef6868520dcd850
https://moodle.org/mod/forum/discuss.php?d=323235
CVE-2015-5340 https://nvd.nist.gov/vuln/detail/CVE-2015-5340
GHSA-mmvj-j7hq-rx85 https://github.com/advisories/GHSA-mmvj-j7hq-rx85
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:55.605711+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-5340.yml 38.6.0