Search for vulnerabilities
Vulnerability details: VCID-h89b-m5yz-j3ak
Vulnerability ID VCID-h89b-m5yz-j3ak
Aliases CVE-2016-2154
GHSA-fmq9-58q4-xjw5
Summary Moodle allows attackers to discover hidden course names admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 4.3 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167
epss 0.00348 https://api.first.org/data/v1/epss?cve=CVE-2016-2154
epss 0.00348 https://api.first.org/data/v1/epss?cve=CVE-2016-2154
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fmq9-58q4-xjw5
cvssv3.1 4.3 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015
generic_textual MODERATE https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312
generic_textual MODERATE https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1
generic_textual MODERATE https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0
generic_textual MODERATE https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb
generic_textual MODERATE https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4
generic_textual MODERATE https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4
cvssv3.1 4.3 https://moodle.org/mod/forum/discuss.php?d=330176
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=330176
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2016-2154
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2016-2154
cvssv3.1 4.3 https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
generic_textual MODERATE https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
cvssv3.1 4.3 http://www.openwall.com/lists/oss-security/2016/03/21/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2016/03/21/1
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167
https://api.first.org/data/v1/epss?cve=CVE-2016-2154
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015
https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312
https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1
https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0
https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb
https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4
https://moodle.org/mod/forum/discuss.php?d=330176
https://nvd.nist.gov/vuln/detail/CVE-2016-2154
https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
http://www.openwall.com/lists/oss-security/2016/03/21/1
GHSA-fmq9-58q4-xjw5 https://github.com/advisories/GHSA-fmq9-58q4-xjw5
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=330176
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2016/03/21/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.56627
EPSS Score 0.00348
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:28:53.633400+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fmq9-58q4-xjw5/GHSA-fmq9-58q4-xjw5.json 36.1.3