Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-v54t-5thx-1beu
Vulnerability ID VCID-v54t-5thx-1beu
Aliases CVE-2016-8642
GHSA-x32v-7qw8-cpq8
Summary Improper Access Control In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-284 Improper Access Control
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f
https://moodle.org/mod/forum/discuss.php?d=343275
https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441
CVE-2016-8642 https://nvd.nist.gov/vuln/detail/CVE-2016-8642
GHSA-x32v-7qw8-cpq8 https://github.com/advisories/GHSA-x32v-7qw8-cpq8
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:45.203367+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2016-8642.yml 38.6.0