GHSA-6vjf-48fh-vxxj

GitHub Security Advisory

Improper Handling of Parameters in moodle

✓ GitHub Reviewed MODERATE Has CVE

The URL parameters accepted by forum search were not limited to the allowed parameters.

Packagist moodle/moodle

Affected versions: 4.3.0 (fixed in 4.3.3)

Packagist moodle/moodle

Affected versions: 4.2.0 (fixed in 4.2.6)

Packagist moodle/moodle

Affected versions: 0 (fixed in 4.1.9)

CVE-2024-25979

GHSA ID

GHSA-6vjf-48fh-vxxj

Published

February 19, 2024 6:31 PM

Last Modified

January 23, 2025 10:29 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

moodle/moodle

GitHub Reviewed

✓ Yes

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.