VulnerableCode Vulnerability Details - VCID-hnua-2hc4-8khx

Search for vulnerabilities

Vulnerability details: VCID-hnua-2hc4-8khx

Essentials
Severities (14)
References (13)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-hnua-2hc4-8khx
Aliases	CVE-2015-3181 GHSA-622h-cjgg-5mx6
Summary	Moodle allows attackers to bypass file-management restrictions files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2015/05/18/1
epss	0.00328	https://api.first.org/data/v1/epss?cve=CVE-2015-3181
epss	0.00328	https://api.first.org/data/v1/epss?cve=CVE-2015-3181
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-622h-cjgg-5mx6
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=313688
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-3181
generic_textual	MODERATE	https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728
generic_textual	MODERATE	https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994
		http://openwall.com/lists/oss-security/2015/05/18/1
		https://api.first.org/data/v1/epss?cve=CVE-2015-3181
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171
		https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0
		https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f
		https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438
		https://moodle.org/mod/forum/discuss.php?d=313688
		https://nvd.nist.gov/vuln/detail/CVE-2015-3181
		https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728
		https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358
GHSA-622h-cjgg-5mx6		https://github.com/advisories/GHSA-622h-cjgg-5mx6

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.54989
EPSS Score	0.00328
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:01.932155+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-622h-cjgg-5mx6/GHSA-622h-cjgg-5mx6.json	36.1.3