Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-d3yp-gq4c-vyf8
Vulnerability ID VCID-d3yp-gq4c-vyf8
Aliases CVE-2015-2271
GHSA-v3wp-35g3-m9mm
Summary Moodle does not consider the moodle/tag:flag capability tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as inappropriate" feature.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084
http://openwall.com/lists/oss-security/2015/03/16/1
https://github.com/moodle/moodle/commit/1a344ea46f4bdedf6b8c87ae9a419e0617e1ac27
https://github.com/moodle/moodle/commit/64e2179478849ec09c3537716e70ae8a1684b58b
https://github.com/moodle/moodle/commit/8b4e370840dad1ec4ca6c7cef8a4d6b78e0458b7
https://github.com/moodle/moodle/commit/b771b31e20cbf3d39aab877c648cf387e77173ba
https://moodle.org/mod/forum/discuss.php?d=307385
CVE-2015-2271 https://nvd.nist.gov/vuln/detail/CVE-2015-2271
GHSA-v3wp-35g3-m9mm https://github.com/advisories/GHSA-v3wp-35g3-m9mm
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:38.122913+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-2271.yml 38.6.0