CVE-2015-5341

MEDIUM

Moodle <2.6.11, <2.7.11, <2.8.9, <2.9.3 - Privilege Escalation

Title source: llm

Description

mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://moodle.org/mod/forum/discuss.php?d=323236

Patch x_refsource_confirm

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50837

Scores

CVSS v3 4.3

EPSS 0.0015

EPSS Percentile 35.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200 CWE-264

Status published

Products (25)

moodle/moodle 2.7.0

moodle/moodle 2.7.1

moodle/moodle 2.7.2

moodle/moodle 2.7.3

moodle/moodle 2.7.4

moodle/moodle 2.7.5

moodle/moodle 2.7.6

moodle/moodle 2.7.7

moodle/moodle 2.7.8

moodle/moodle 2.7.9

... and 15 more

Published Feb 22, 2016

Tracked Since Feb 18, 2026