Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-y2vh-7r7h-9ugu
Vulnerability ID VCID-y2vh-7r7h-9ugu
Aliases CVE-2015-0211
GHSA-frhc-9hwc-x7j3
Summary Exposure of Sensitive Information to an Unauthorized Actor mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920
http://openwall.com/lists/oss-security/2015/01/19/1
https://github.com/moodle/moodle/commit/52555c36989b6704550ed0b3c6e832f5e7e150b7
https://github.com/moodle/moodle/commit/da4c33f510aabc0d7443c29a7c097cfd54b6c4a4
https://github.com/moodle/moodle/commit/faf0cd9098517cd6274219b58f6f4a278d26455d
https://github.com/moodle/moodle/commit/fc6619d5c0bb297e6736880ff5353bb668048002
https://moodle.org/mod/forum/discuss.php?d=278611
CVE-2015-0211 https://nvd.nist.gov/vuln/detail/CVE-2015-0211
GHSA-frhc-9hwc-x7j3 https://github.com/advisories/GHSA-frhc-9hwc-x7j3
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:47.021415+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-0211.yml 38.6.0