VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-v4qm-48kk-pfaz

Vulnerability ID	VCID-v4qm-48kk-pfaz
Aliases	CVE-2014-3553 GHSA-mg69-5q59-8jcg
Summary	Moodle does not enforce the moodle/site:accessallgroups capability requirement mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
		http://openwall.com/lists/oss-security/2014/07/21/1
		https://github.com/moodle/moodle/commit/5c74e0daca748ffbbbf17a410abd8c85335b2116
		https://github.com/moodle/moodle/commit/91c8d4da71a6706c70071f9182e8ae6110c86d70
		https://github.com/moodle/moodle/commit/e3fd900dcda7b603d7e0749008abd0d01290bbc3
		https://github.com/moodle/moodle/commit/f2946a5419a94f19cb3490a249fe0bb50161f254
		https://moodle.org/mod/forum/discuss.php?d=264268
CVE-2014-3553		https://nvd.nist.gov/vuln/detail/CVE-2014-3553
GHSA-mg69-5q59-8jcg		https://github.com/advisories/GHSA-mg69-5q59-8jcg

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:42:54.808718+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-3553.yml	38.6.0