VulnerableCode Vulnerability Details - VCID-bvjv-cdnz-hfe5

Search for vulnerabilities

Vulnerability details: VCID-bvjv-cdnz-hfe5

Essentials
Severities (13)
References (12)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-bvjv-cdnz-hfe5
Aliases	CVE-2012-5471 GHSA-mpjx-8phj-5m34
Summary	Moodle Allows Unauthenticated Dropbox Access The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-287	Improper Authentication
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2012/11/19/1
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2012-5471
epss	0.00498	https://api.first.org/data/v1/epss?cve=CVE-2012-5471
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-mpjx-8phj-5m34
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/8eb614d4bb4a80ed51520bca528530914082136f
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/a3433213a1a2346c145e004ab1dc08b58279f910
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/c62a20c42b96f0195c4de075e5c58a4e7d381428
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/cd029574b699c74e55fa287f0b4db45d2dcf9fde
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=216155
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2012-5471
generic_textual	MODERATE	https://web.archive.org/web/20121202030020/http://www.securityfocus.com/bid/56505

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872
		http://openwall.com/lists/oss-security/2012/11/19/1
		https://api.first.org/data/v1/epss?cve=CVE-2012-5471
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/8eb614d4bb4a80ed51520bca528530914082136f
		https://github.com/moodle/moodle/commit/a3433213a1a2346c145e004ab1dc08b58279f910
		https://github.com/moodle/moodle/commit/c62a20c42b96f0195c4de075e5c58a4e7d381428
		https://github.com/moodle/moodle/commit/cd029574b699c74e55fa287f0b4db45d2dcf9fde
		https://moodle.org/mod/forum/discuss.php?d=216155
		https://nvd.nist.gov/vuln/detail/CVE-2012-5471
		https://web.archive.org/web/20121202030020/http://www.securityfocus.com/bid/56505
GHSA-mpjx-8phj-5m34		https://github.com/advisories/GHSA-mpjx-8phj-5m34

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.64839
EPSS Score	0.00498
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:28:01.978986+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mpjx-8phj-5m34/GHSA-mpjx-8phj-5m34.json	36.1.3