VDB

GCVE-110-MAGEIA-2014-53

GCVE-110-MAGEIA-2014-53
Advisory Published
Vulnetix · Advisory published February 11, 2014
Updated moodle package fixes security vulnerabilities: In Moodle before 2.4.8, some password changes on admin pages were being recorded and shown to administrators in the config log report (CVE-2014-0008). In Moodle before 2.4.8, users were able to log in as a user who in a is not in the same group without the permission to see all groups (CVE-2014-0009). In Moodle 2.4.8, custom profile fields and categories were open to deletion without proper session checking, due to two Cross-site Request Forgery(CSRF) vulnerabilities in /user/profile/index.php (CVE-2014-0010).

Affected Products

VendorProductVersionsPlatforms
Mageiapython-pybloomfiltermmap0 (affected), 0.3.11-1.mga3 (unaffected)
Mageiamoodle0 (affected), 2.4.8-1.mga4 (unaffected), 0 (affected), 2.4.8-1.mga4 (unaffected)
Mageiamoodle0 (affected), 2.4.8-1.mga3 (unaffected), 0 (affected), 2.4.8-1.mga3 (unaffected)
Mageiaw3af0 (affected), 1.1-2.3.mga3 (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›