VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-vxz9-7b2q-g3af

Essentials
Severities (35)
References (18)
Severity details (33)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-vxz9-7b2q-g3af
Aliases	CVE-2015-5264 GHSA-mm9q-3847-m48x
Summary	Moodle allows attackers to enter additional answer attempts The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	5.4	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2015-5264
epss	0.00161	https://api.first.org/data/v1/epss?cve=CVE-2015-5264
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-mm9q-3847-m48x
cvssv3.1	5.4	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca
cvssv3.1	5.4	https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356
cvssv3.1	5.4	https://moodle.org/mod/forum/discuss.php?d=320287
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=320287
cvssv3.1	5.4	https://nvd.nist.gov/vuln/detail/CVE-2015-5264
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-5264
cvssv3.1	5.4	https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
generic_textual	MODERATE	https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
cvssv3.1	5.4	http://www.openwall.com/lists/oss-security/2015/09/21/1
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2015/09/21/1

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
		https://api.first.org/data/v1/epss?cve=CVE-2015-5264
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84
		https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869
		https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091
		https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc
		https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4
		https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d
		https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840
		https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac
		https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca
		https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356
		https://moodle.org/mod/forum/discuss.php?d=320287
		https://nvd.nist.gov/vuln/detail/CVE-2015-5264
		https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
		http://www.openwall.com/lists/oss-security/2015/09/21/1
GHSA-mm9q-3847-m48x		https://github.com/advisories/GHSA-mm9q-3847-m48x

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=320287

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5264

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2015/09/21/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.37817
EPSS Score	0.00161
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:27.222231+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mm9q-3847-m48x/GHSA-mm9q-3847-m48x.json	36.1.3