Search for vulnerabilities
Vulnerability details: VCID-fz4a-5w9p-73hm
Vulnerability ID VCID-fz4a-5w9p-73hm
Aliases CVE-2016-3733
GHSA-gr8j-qm8r-rfgg
Summary Moodle Improper Access Control The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-284 Improper Access Control
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 4.3 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
epss 0.00442 https://api.first.org/data/v1/epss?cve=CVE-2016-3733
epss 0.00442 https://api.first.org/data/v1/epss?cve=CVE-2016-3733
cvssv3.1 4.3 https://bugzilla.redhat.com/show_bug.cgi?id=1335933
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1335933
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gr8j-qm8r-rfgg
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/12c28574868d6f6e5c57fb63298c82cb8bdd0bb6
generic_textual MODERATE https://github.com/moodle/moodle/commit/12c28574868d6f6e5c57fb63298c82cb8bdd0bb6
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/24b0c3c86ae96e46b87d6e9d6bcf4a6014dae8f0
generic_textual MODERATE https://github.com/moodle/moodle/commit/24b0c3c86ae96e46b87d6e9d6bcf4a6014dae8f0
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/2950f9fb9128f9ae48e00b864da90be76c2bf139
generic_textual MODERATE https://github.com/moodle/moodle/commit/2950f9fb9128f9ae48e00b864da90be76c2bf139
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/3c9d2b104023a8b9fdc5f4d7e136083babd2609a
generic_textual MODERATE https://github.com/moodle/moodle/commit/3c9d2b104023a8b9fdc5f4d7e136083babd2609a
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2016-3733
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2016-3733
cvssv3.1 4.3 http://www.openwall.com/lists/oss-security/2016/05/17/4
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2016/05/17/4
cvssv3.1 4.3 http://www.securitytracker.com/id/1035902
generic_textual MODERATE http://www.securitytracker.com/id/1035902
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
https://api.first.org/data/v1/epss?cve=CVE-2016-3733
https://bugzilla.redhat.com/show_bug.cgi?id=1335933
https://github.com/moodle/moodle/commit/12c28574868d6f6e5c57fb63298c82cb8bdd0bb6
https://github.com/moodle/moodle/commit/24b0c3c86ae96e46b87d6e9d6bcf4a6014dae8f0
https://github.com/moodle/moodle/commit/2950f9fb9128f9ae48e00b864da90be76c2bf139
https://github.com/moodle/moodle/commit/3c9d2b104023a8b9fdc5f4d7e136083babd2609a
https://nvd.nist.gov/vuln/detail/CVE-2016-3733
http://www.openwall.com/lists/oss-security/2016/05/17/4
http://www.securitytracker.com/id/1035902
GHSA-gr8j-qm8r-rfgg https://github.com/advisories/GHSA-gr8j-qm8r-rfgg
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1335933
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/12c28574868d6f6e5c57fb63298c82cb8bdd0bb6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/24b0c3c86ae96e46b87d6e9d6bcf4a6014dae8f0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/2950f9fb9128f9ae48e00b864da90be76c2bf139
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/3c9d2b104023a8b9fdc5f4d7e136083babd2609a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3733
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2016/05/17/4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://www.securitytracker.com/id/1035902
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.62323
EPSS Score 0.00442
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:26:03.308836+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gr8j-qm8r-rfgg/GHSA-gr8j-qm8r-rfgg.json 36.1.3