VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-muhq-8whw-9udg

Essentials
Severities (27)
References (16)
Severity details (25)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-muhq-8whw-9udg
Aliases	CVE-2016-3734 GHSA-r867-v437-4rrm
Summary	Moodle Cross-site request forgery (CSRF) vulnerability Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-352	Cross-Site Request Forgery (CSRF)
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	8.8	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
generic_textual	HIGH	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2016-3734
epss	0.00126	https://api.first.org/data/v1/epss?cve=CVE-2016-3734
cvssv3.1	8.8	https://bugzilla.redhat.com/show_bug.cgi?id=1335933
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=1335933
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-r867-v437-4rrm
cvssv3.1	8.8	https://github.com/moodle/moodle
generic_textual	HIGH	https://github.com/moodle/moodle
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/01408d619ba89d32f9ad83308990ff9b0374cb57
generic_textual	HIGH	https://github.com/moodle/moodle/commit/01408d619ba89d32f9ad83308990ff9b0374cb57
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/1f5c494f761ef7961c449075adf192e149148e1a
generic_textual	HIGH	https://github.com/moodle/moodle/commit/1f5c494f761ef7961c449075adf192e149148e1a
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/7873e36f0cc0ccfd1424ff9302eb1ea9e4e74305
generic_textual	HIGH	https://github.com/moodle/moodle/commit/7873e36f0cc0ccfd1424ff9302eb1ea9e4e74305
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/d98c24659935c1bdff4b35ec0a85ab1a3ab05d9f
generic_textual	HIGH	https://github.com/moodle/moodle/commit/d98c24659935c1bdff4b35ec0a85ab1a3ab05d9f
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/e90e0ea5700ee9b016034b74ed7f41787109d1a2
generic_textual	HIGH	https://github.com/moodle/moodle/commit/e90e0ea5700ee9b016034b74ed7f41787109d1a2
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2016-3734
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2016-3734
cvssv3.1	8.8	https://web.archive.org/web/20160703032310/http://www.securitytracker.com/id/1035902
generic_textual	HIGH	https://web.archive.org/web/20160703032310/http://www.securitytracker.com/id/1035902
cvssv3.1	8.8	https://web.archive.org/web/20160930194927/http://www.securityfocus.com/bid/91281
generic_textual	HIGH	https://web.archive.org/web/20160930194927/http://www.securityfocus.com/bid/91281
cvssv3.1	8.8	http://www.openwall.com/lists/oss-security/2016/05/17/4
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2016/05/17/4

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
		https://api.first.org/data/v1/epss?cve=CVE-2016-3734
		https://bugzilla.redhat.com/show_bug.cgi?id=1335933
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/01408d619ba89d32f9ad83308990ff9b0374cb57
		https://github.com/moodle/moodle/commit/1f5c494f761ef7961c449075adf192e149148e1a
		https://github.com/moodle/moodle/commit/7873e36f0cc0ccfd1424ff9302eb1ea9e4e74305
		https://github.com/moodle/moodle/commit/d98c24659935c1bdff4b35ec0a85ab1a3ab05d9f
		https://github.com/moodle/moodle/commit/e90e0ea5700ee9b016034b74ed7f41787109d1a2
		https://nvd.nist.gov/vuln/detail/CVE-2016-3734
		https://web.archive.org/web/20160703032310/http://www.securitytracker.com/id/1035902
		https://web.archive.org/web/20160930194927/http://www.securityfocus.com/bid/91281
		http://www.openwall.com/lists/oss-security/2016/05/17/4
		http://www.securityfocus.com/bid/91281
		http://www.securitytracker.com/id/1035902
GHSA-r867-v437-4rrm		https://github.com/advisories/GHSA-r867-v437-4rrm

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1335933

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/01408d619ba89d32f9ad83308990ff9b0374cb57

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/1f5c494f761ef7961c449075adf192e149148e1a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/7873e36f0cc0ccfd1424ff9302eb1ea9e4e74305

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/d98c24659935c1bdff4b35ec0a85ab1a3ab05d9f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/e90e0ea5700ee9b016034b74ed7f41787109d1a2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-3734

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20160703032310/http://www.securitytracker.com/id/1035902

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20160930194927/http://www.securityfocus.com/bid/91281

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2016/05/17/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.32887
EPSS Score	0.00126
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:33.404878+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r867-v437-4rrm/GHSA-r867-v437-4rrm.json	36.1.3