VulnerableCode Vulnerability Details - VCID-uert-vark-uyb4

Search for vulnerabilities

Vulnerability details: VCID-uert-vark-uyb4

Essentials
Severities (12)
References (11)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-uert-vark-uyb4
Aliases	CVE-2011-4300 GHSA-9p54-pc88-36c4
Summary	Moodle does not properly restrict access to category and course data The `file_browser` component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-284	Improper Access Control
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00
generic_textual	MODERATE	http://moodle.org/mod/forum/discuss.php?d=188311
epss	0.0026	https://api.first.org/data/v1/epss?cve=CVE-2011-4300
epss	0.0026	https://api.first.org/data/v1/epss?cve=CVE-2011-4300
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=747444
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-9p54-pc88-36c4
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/6f7c43c7de8f62cd53a7f3b54ad5325cd109c1be
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/81c77993e3808bba68fe24d6bfbac19a41679a6f
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/f6b07c4da54a9db24723beb147e8a19a3d487e00
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-4300

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00
		http://git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00
		http://moodle.org/mod/forum/discuss.php?d=188311
		https://api.first.org/data/v1/epss?cve=CVE-2011-4300
		https://bugzilla.redhat.com/show_bug.cgi?id=747444
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/6f7c43c7de8f62cd53a7f3b54ad5325cd109c1be
		https://github.com/moodle/moodle/commit/81c77993e3808bba68fe24d6bfbac19a41679a6f
		https://github.com/moodle/moodle/commit/f6b07c4da54a9db24723beb147e8a19a3d487e00
		https://nvd.nist.gov/vuln/detail/CVE-2011-4300
GHSA-9p54-pc88-36c4		https://github.com/advisories/GHSA-9p54-pc88-36c4

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.49218
EPSS Score	0.0026
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:27:30.919830+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9p54-pc88-36c4/GHSA-9p54-pc88-36c4.json	36.1.3