Search for vulnerabilities
Vulnerability details: VCID-fvxz-7cvt-sbe9
Vulnerability ID VCID-fvxz-7cvt-sbe9
Aliases CVE-2016-5014
GHSA-c4cq-v4wp-28hg
Summary Moodle sensitive information disclosure In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=336699
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-5014
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)
Percentile 0.44213
EPSS Score 0.00215
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:28.457413+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c4cq-v4wp-28hg/GHSA-c4cq-v4wp-28hg.json 36.1.3