VulnerableCode Vulnerability Details - VCID-srvt-8pcd-gkfr

Search for vulnerabilities

Vulnerability details: VCID-srvt-8pcd-gkfr

Essentials
Severities (12)
References (11)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-srvt-8pcd-gkfr
Aliases	CVE-2014-0216 GHSA-8rc7-4qfv-4484
Summary	Moodle does not properly restrict file access The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/05/19/1
epss	0.00283	https://api.first.org/data/v1/epss?cve=CVE-2014-0216
epss	0.00283	https://api.first.org/data/v1/epss?cve=CVE-2014-0216
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-8rc7-4qfv-4484
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/40ad22fdd0d9ed569b2ad0ff6ad02814bfa014b8
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/568514ee7f7e994f61e7a44356fe89d0dd18c157
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/7b9acc77efe06f7be7070032b05c3159e0a6d415
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/b04bf988ef47f8fa65dd08ce936ecb774d5d76bd
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=260364
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-0216

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
		http://openwall.com/lists/oss-security/2014/05/19/1
		https://api.first.org/data/v1/epss?cve=CVE-2014-0216
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/40ad22fdd0d9ed569b2ad0ff6ad02814bfa014b8
		https://github.com/moodle/moodle/commit/568514ee7f7e994f61e7a44356fe89d0dd18c157
		https://github.com/moodle/moodle/commit/7b9acc77efe06f7be7070032b05c3159e0a6d415
		https://github.com/moodle/moodle/commit/b04bf988ef47f8fa65dd08ce936ecb774d5d76bd
		https://moodle.org/mod/forum/discuss.php?d=260364
		https://nvd.nist.gov/vuln/detail/CVE-2014-0216
GHSA-8rc7-4qfv-4484		https://github.com/advisories/GHSA-8rc7-4qfv-4484

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.51283
EPSS Score	0.00283
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:43.250558+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8rc7-4qfv-4484/GHSA-8rc7-4qfv-4484.json	36.1.3