Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-bfmx-cwap-8yhp
Vulnerability ID VCID-bfmx-cwap-8yhp
Aliases CVE-2014-7847
GHSA-6vjg-2q57-rgfw
Summary Moodle allows attackers to cause a denial of service iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-399 Resource Management Errors
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321
http://openwall.com/lists/oss-security/2014/11/17/11
https://github.com/moodle/moodle/commit/324b018bbce2f56198fe8808968bad6c8798710a
https://github.com/moodle/moodle/commit/35a60cbb382d78ddb9d54c772816db4c5007ca7e
https://github.com/moodle/moodle/commit/6ec47a64acf8576916c20dcbb436b0ae41a63440
https://github.com/moodle/moodle/commit/eb46bf2f4e80f4421255f6aee00b73448ba582a7
https://moodle.org/mod/forum/discuss.php?d=275158
https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
CVE-2014-7847 https://nvd.nist.gov/vuln/detail/CVE-2014-7847
GHSA-6vjg-2q57-rgfw https://github.com/advisories/GHSA-6vjg-2q57-rgfw
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:43.688697+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-7847.yml 38.6.0