GHSA-wwjf-gwrv-wh45
GitHub Security Advisory
Moodle's IDOR in badges allows deletion of arbitrary badges
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.
Affected Packages
Packagist
moodle/moodle
Affected versions:
0
(fixed in 4.1.12)
Packagist
moodle/moodle
Affected versions:
4.2.0-beta
(fixed in 4.2.9)
Packagist
moodle/moodle
Affected versions:
4.3.0-beta
(fixed in 4.3.6)
Packagist
moodle/moodle
Affected versions:
4.4.0-beta
(fixed in 4.4.2)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: September 15, 2025 6:32 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.