VulnerableCode Vulnerability Details - VCID-v1zc-czd1-huga

Search for vulnerabilities

Vulnerability details: VCID-v1zc-czd1-huga

Essentials
Severities (13)
References (12)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-v1zc-czd1-huga
Aliases	CVE-2014-9060 GHSA-c87j-9rrq-h3j8
Summary	Moodle allows attackers to trigger the generation of arbitrary messages The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-20	Improper Input Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/11/17/11
epss	0.00388	https://api.first.org/data/v1/epss?cve=CVE-2014-9060
epss	0.00388	https://api.first.org/data/v1/epss?cve=CVE-2014-9060
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-c87j-9rrq-h3j8
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/15bde5352bd4bdb54105c0fdfd956c9ca420e4c6
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/339c6eca3c881742178637cb41cc7ebbe4a3b6b0
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/44e712e9b72a30c6bc01112040854e91f5758605
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/edc89dfecb3f6891cea019baf2aecce51b3de41a
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=275165
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-9060
generic_textual	MODERATE	https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927
		http://openwall.com/lists/oss-security/2014/11/17/11
		https://api.first.org/data/v1/epss?cve=CVE-2014-9060
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/15bde5352bd4bdb54105c0fdfd956c9ca420e4c6
		https://github.com/moodle/moodle/commit/339c6eca3c881742178637cb41cc7ebbe4a3b6b0
		https://github.com/moodle/moodle/commit/44e712e9b72a30c6bc01112040854e91f5758605
		https://github.com/moodle/moodle/commit/edc89dfecb3f6891cea019baf2aecce51b3de41a
		https://moodle.org/mod/forum/discuss.php?d=275165
		https://nvd.nist.gov/vuln/detail/CVE-2014-9060
		https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
GHSA-c87j-9rrq-h3j8		https://github.com/advisories/GHSA-c87j-9rrq-h3j8

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.5908
EPSS Score	0.00388
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:51.863893+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c87j-9rrq-h3j8/GHSA-c87j-9rrq-h3j8.json	36.1.3