VDB
GCVE-VVD-MAGEIA-2014-230
GCVE-VVD-MAGEIA-2014-230
Advisory Published
Updated moodle package fixes security vulnerabilities:
In Moodle before 2.6.3, Session checking was not being performed correctly
in Assignment's quick-grading, allowing forged requests to be made
unknowingly by authenticated users (CVE-2014-0213).
In Moodle before 2.6.3, MoodleMobile web service tokens, created
automatically in login/token.php, were not expiring and were valid forever
(CVE-2014-0214).
In Moodle before 2.6.3, Some student details, including identities, were
included in assignment marking pages and would have been revealed to
screen readers or through code inspection (CVE-2014-0215).
In Moodle before 2.6.3, Access to files linked on HTML blocks on the My
home page was not being checked in the correct context, allowing access to
unauthenticated users (CVE-2014-0216).
In Moodle before 2.6.3, There was a lack of filtering in the URL
downloader repository that could have been exploited for XSS
(CVE-2014-0218).
The 2.4 branch of Moodle will no longer be supported as of approximately
June 2014, so the Moodle package has been upgraded to version 2.6.3 to fix
these issues.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | moodle | 0 (affected), 2.6.3-1.mga4 (unaffected) | — |
| Mageia | moodle | 0 (affected), 2.6.3-1.mga3 (unaffected) | — |
References
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.