Security Features in Moodle - CVE-2015-5331

 


Published: February 22, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40462
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-5331
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.


How to mitigate CVE-2015-5331

Install the update from the vendor's website.
