VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-n9uc-b76m-8fbs

Vulnerability ID	VCID-n9uc-b76m-8fbs
Aliases	CVE-2015-3181 GHSA-622h-cjgg-5mx6
Summary	Moodle allows attackers to bypass file-management restrictions files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994
		http://openwall.com/lists/oss-security/2015/05/18/1
		https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171
		https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0
		https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f
		https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438
		https://moodle.org/mod/forum/discuss.php?d=313688
		https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728
		https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358
CVE-2015-3181		https://nvd.nist.gov/vuln/detail/CVE-2015-3181
GHSA-622h-cjgg-5mx6		https://github.com/advisories/GHSA-622h-cjgg-5mx6

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:42:46.162417+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3181.yml	38.6.0