VDB

GCVE-VVD-MAGEIA-2014-230

GCVE-VVD-MAGEIA-2014-230
Advisory Published
Vulnetix · Advisory published May 19, 2014
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users (CVE-2014-0213). In Moodle before 2.6.3, MoodleMobile web service tokens, created automatically in login/token.php, were not expiring and were valid forever (CVE-2014-0214). In Moodle before 2.6.3, Some student details, including identities, were included in assignment marking pages and would have been revealed to screen readers or through code inspection (CVE-2014-0215). In Moodle before 2.6.3, Access to files linked on HTML blocks on the My home page was not being checked in the correct context, allowing access to unauthenticated users (CVE-2014-0216). In Moodle before 2.6.3, There was a lack of filtering in the URL downloader repository that could have been exploited for XSS (CVE-2014-0218). The 2.4 branch of Moodle will no longer be supported as of approximately June 2014, so the Moodle package has been upgraded to version 2.6.3 to fix these issues.

Affected Products

VendorProductVersionsPlatforms
Mageiamoodle0 (affected), 2.6.3-1.mga4 (unaffected)
Mageiamoodle0 (affected), 2.6.3-1.mga3 (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›