CVE-2015-5341

MEDIUM

Moodle <2.6.11, <2.7.11, <2.8.9, <2.9.3 - Privilege Escalation

Title source: llm

Description

mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.

References (2)

[Patch] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50837

[Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=323236

Scores

CVSS v3 4.3

EPSS 0.0015

EPSS Percentile 35.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200 CWE-264

Status draft

Affected Products (25)

moodle/moodle < 2.6.11

moodle/moodle

... and 10 more

Timeline

Published Feb 22, 2016

Tracked Since Feb 18, 2026