VulnerableCode Vulnerability Details - VCID-uwvg-zdaw-bqge

Search for vulnerabilities

Vulnerability details: VCID-uwvg-zdaw-bqge

Essentials
Severities (13)
References (12)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-uwvg-zdaw-bqge
Aliases	CVE-2014-3546 GHSA-4c5g-w3gf-rf4f
Summary	Moodle allows attackers to obtain username and course information Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/07/21/1
epss	0.00283	https://api.first.org/data/v1/epss?cve=CVE-2014-3546
epss	0.00283	https://api.first.org/data/v1/epss?cve=CVE-2014-3546
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-4c5g-w3gf-rf4f
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/2ca9e09dab3ff374e1026780b23c63751f4ee312
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/74556525de9617c593c3e08269d6d541c6576c90
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/8f7d596058a18c60b795b4677b59cf074c56de39
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/9dbf62d23017a91fcbf63bba7f2eb4835f77b8c9
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/dc97145785b9ae192168659c65309bca61a58151
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=264267
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-3546

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
		http://openwall.com/lists/oss-security/2014/07/21/1
		https://api.first.org/data/v1/epss?cve=CVE-2014-3546
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/2ca9e09dab3ff374e1026780b23c63751f4ee312
		https://github.com/moodle/moodle/commit/74556525de9617c593c3e08269d6d541c6576c90
		https://github.com/moodle/moodle/commit/8f7d596058a18c60b795b4677b59cf074c56de39
		https://github.com/moodle/moodle/commit/9dbf62d23017a91fcbf63bba7f2eb4835f77b8c9
		https://github.com/moodle/moodle/commit/dc97145785b9ae192168659c65309bca61a58151
		https://moodle.org/mod/forum/discuss.php?d=264267
		https://nvd.nist.gov/vuln/detail/CVE-2014-3546
GHSA-4c5g-w3gf-rf4f		https://github.com/advisories/GHSA-4c5g-w3gf-rf4f

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.51283
EPSS Score	0.00283
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:42.892858+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4c5g-w3gf-rf4f/GHSA-4c5g-w3gf-rf4f.json	36.1.3