VulnerableCode Vulnerability Details - VCID-qxyw-7hnt-hqd6

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-qxyw-7hnt-hqd6

Essentials
Severities (18)
References (17)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-qxyw-7hnt-hqd6
Aliases	CVE-2014-3545 GHSA-3m99-h3hp-w9j7
Summary	Improper Control of Generation of Code ('Code Injection') Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-94	Improper Control of Generation of Code ('Code Injection')

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/07/21/1
epss	0.01284	https://api.first.org/data/v1/epss?cve=CVE-2014-3545
epss	0.01284	https://api.first.org/data/v1/epss?cve=CVE-2014-3545
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-3m99-h3hp-w9j7
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/blob/1474f74687dda57c7d011b92d16f25b9870d2799/question/type/calculated/question.php#L426
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/155bc7547227dc2047cfc8630cbfe121888b359b
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/29005a5418894b76e62e44bbc2c9e4ddee8f5ce6
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/44f726a7b1d351b39bb2a6a30c1b30027fabd000
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/539a25ff03fae377758d62caefcc71a2418e9a84
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/5c6c172033e3fb4afce862f8b32b459f5c35ad19
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/66de66fe6a8ce8f491562edad0a14f26d4808cb4
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/770d3ce42669067eca2bcee22d142ed7fec08550
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/82b3260eab2db58dfa9510645fd2c60ee0ce142e
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/88ec9f308da6a4bc7a735458cdf72648357d501d
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=264266
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-3545

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
		http://openwall.com/lists/oss-security/2014/07/21/1
		https://api.first.org/data/v1/epss?cve=CVE-2014-3545
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/blob/1474f74687dda57c7d011b92d16f25b9870d2799/question/type/calculated/question.php#L426
		https://github.com/moodle/moodle/commit/155bc7547227dc2047cfc8630cbfe121888b359b
		https://github.com/moodle/moodle/commit/29005a5418894b76e62e44bbc2c9e4ddee8f5ce6
		https://github.com/moodle/moodle/commit/44f726a7b1d351b39bb2a6a30c1b30027fabd000
		https://github.com/moodle/moodle/commit/539a25ff03fae377758d62caefcc71a2418e9a84
		https://github.com/moodle/moodle/commit/5c6c172033e3fb4afce862f8b32b459f5c35ad19
		https://github.com/moodle/moodle/commit/66de66fe6a8ce8f491562edad0a14f26d4808cb4
		https://github.com/moodle/moodle/commit/770d3ce42669067eca2bcee22d142ed7fec08550
		https://github.com/moodle/moodle/commit/82b3260eab2db58dfa9510645fd2c60ee0ce142e
		https://github.com/moodle/moodle/commit/88ec9f308da6a4bc7a735458cdf72648357d501d
		https://moodle.org/mod/forum/discuss.php?d=264266
CVE-2014-3545		https://nvd.nist.gov/vuln/detail/CVE-2014-3545
GHSA-3m99-h3hp-w9j7		https://github.com/advisories/GHSA-3m99-h3hp-w9j7

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.79954
EPSS Score	0.01284
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:43:07.371773+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-3545.yml	38.6.0