VulnerableCode Vulnerability Details - VCID-r413-wkwu-wybe

Search for vulnerabilities

Vulnerability details: VCID-r413-wkwu-wybe

Essentials
Severities (12)
References (11)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-r413-wkwu-wybe
Aliases	CVE-2015-2271 GHSA-v3wp-35g3-m9mm
Summary	Moodle does not consider the moodle/tag:flag capability tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as inappropriate" feature.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2015/03/16/1
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2015-2271
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2015-2271
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-v3wp-35g3-m9mm
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/1a344ea46f4bdedf6b8c87ae9a419e0617e1ac27
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/64e2179478849ec09c3537716e70ae8a1684b58b
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/8b4e370840dad1ec4ca6c7cef8a4d6b78e0458b7
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/b771b31e20cbf3d39aab877c648cf387e77173ba
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=307385
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-2271

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084
		http://openwall.com/lists/oss-security/2015/03/16/1
		https://api.first.org/data/v1/epss?cve=CVE-2015-2271
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/1a344ea46f4bdedf6b8c87ae9a419e0617e1ac27
		https://github.com/moodle/moodle/commit/64e2179478849ec09c3537716e70ae8a1684b58b
		https://github.com/moodle/moodle/commit/8b4e370840dad1ec4ca6c7cef8a4d6b78e0458b7
		https://github.com/moodle/moodle/commit/b771b31e20cbf3d39aab877c648cf387e77173ba
		https://moodle.org/mod/forum/discuss.php?d=307385
		https://nvd.nist.gov/vuln/detail/CVE-2015-2271
GHSA-v3wp-35g3-m9mm		https://github.com/advisories/GHSA-v3wp-35g3-m9mm

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.43286
EPSS Score	0.00207
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:28:03.313745+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v3wp-35g3-m9mm/GHSA-v3wp-35g3-m9mm.json	36.1.3