VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-sbnd-jcfh-zkfd

Essentials
Severities (17)
References (9)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-sbnd-jcfh-zkfd
Aliases	CVE-2015-5338 GHSA-v33x-q8gh-4x42
Summary	Moodle multiple cross-site request forgery (CSRF) vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-352	Cross-Site Request Forgery (CSRF)
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	8.8	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109
generic_textual	HIGH	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2015-5338
epss	0.00153	https://api.first.org/data/v1/epss?cve=CVE-2015-5338
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-v33x-q8gh-4x42
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958
generic_textual	HIGH	https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485
generic_textual	HIGH	https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6
generic_textual	HIGH	https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6
cvssv3.1	8.8	https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107
generic_textual	HIGH	https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107
cvssv3.1	8.8	https://moodle.org/mod/forum/discuss.php?d=323233
generic_textual	HIGH	https://moodle.org/mod/forum/discuss.php?d=323233
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2015-5338
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2015-5338

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109
		https://api.first.org/data/v1/epss?cve=CVE-2015-5338
		https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958
		https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485
		https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6
		https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107
		https://moodle.org/mod/forum/discuss.php?d=323233
		https://nvd.nist.gov/vuln/detail/CVE-2015-5338
GHSA-v33x-q8gh-4x42		https://github.com/advisories/GHSA-v33x-q8gh-4x42

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://moodle.org/mod/forum/discuss.php?d=323233

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5338

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.36872
EPSS Score	0.00153
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:28:21.649410+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v33x-q8gh-4x42/GHSA-v33x-q8gh-4x42.json	36.1.3