GHSA-9x63-m3cc-qf3g

GitHub Security Advisory

Moodle Unauthorized searching of arbitrary blogs by typing full url

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

Affected Packages

Packagist moodle/moodle, affected versions: 3.2 (fixed in 3.2.3)
Packagist moodle/moodle, affected versions: 3.1 (fixed in 3.1.6)
Packagist moodle/moodle, affected versions: 3.0 (fixed in 3.0.10)
Packagist moodle/moodle, affected versions: 2.7 (fixed in 2.7.20)

Related CVEs

Key Information

GHSA ID: GHSA-9x63-m3cc-qf3g
Published: May 13, 2022 1:47 AM
Last Modified: April 23, 2024 10:51 PM
CVSS Score: 5.0/10
Primary Ecosystem: Packagist
Primary Package: moodle/moodle
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 3, 2025 6:48 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.