VDB
GCVE-110-MAGEIA-2015-32
GCVE-110-MAGEIA-2015-32
Advisory Published
Updated moodle package fixes security vulnerabilities:
In Moodle before 2.6.7, absence of a capability check in AJAX backend script
in the LTI module could allow any enrolled user to search the list of
registered tools (CVE-2015-0211).
In Moodle before 2.6.7, the course summary on course request pending approval
page was displayed to the manager unescaped and could be used for XSS attack
(CVE-2015-0212).
In Moodle before 2.6.7, two files in the Glossary module lacked a session key
check potentially allowing cross-site request forgery (CVE-2015-0213).
In Moodle before 2.6.7, through web-services it was possible to access
messaging-related functions such as people search even if messaging is
disabled on the site (CVE-2015-0214).
In Moodle before 2.6.7, through web-services it was possible to get
information about calendar events which user did not have enough permissions
to see (CVE-2015-0215).
In Moodle before 2.6.7, non-optimal regular expression in the multimedia
filter could be exploited to create extra server load or make particular page
unavailable, resulting in a denial of service (CVE-2015-0217).
In Moodle before 2.6.7, it was possible to forge a request to logout users
even when not authenticated through Shibboleth (CVE-2015-0218).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | moodle | 0 (affected), 2.6.7-1.mga4 (unaffected), 0 (affected), 2.6.7-1.mga4 (unaffected) | — |
| Mageia | rpm | 0 (affected), 4.11.1-9.1.mga4 (unaffected) | — |
References
Browse GCVE Records
72,148 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.