CVE-2014-0123 in Moodle
Summary
by MITRE
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/08/2026
The vulnerability identified as CVE-2014-0123 affects the wiki subsystem within Moodle learning management system across multiple version ranges including 2.3.11 and earlier, 2.4.x versions before 2.4.9, 2.5.x versions before 2.5.5, and 2.6.x versions before 2.6.2. This represents a critical access control flaw that undermines the security model of the platform. The issue stems from improper restrictions on wiki access permissions, specifically affecting both view and edit operations within the wiki subsystem.
The technical flaw manifests through a privilege escalation mechanism where authenticated users with the student role can exploit the Recent Activity block functionality to access individual wiki pages belonging to other students. This vulnerability operates at the authorization level rather than authentication, meaning legitimate users can leverage their existing access to perform unauthorized actions. The exploit requires minimal prerequisites since users only need student-level privileges to execute the attack, making it particularly dangerous in educational environments where student accounts are abundant.
This vulnerability has significant operational impact as it allows malicious actors to perform unauthorized wiki operations including viewing confidential student content, editing or modifying wiki entries, and potentially injecting malicious content into the system. The attack vector is particularly concerning because it leverages legitimate platform features rather than requiring exploitation of other vulnerabilities. The Recent Activity block serves as the attack pathway, enabling users to navigate to targeted wiki pages without proper authorization checks. This type of vulnerability directly violates the principle of least privilege and can result in data exposure, content tampering, and potential information leakage that could compromise student privacy and academic integrity.
The vulnerability maps to CWE-284 (Improper Access Control) and aligns with several ATT&CK techniques including T1078 (Valid Accounts) and T1566 (Phishing). Organizations should implement immediate mitigations including upgrading to patched versions of Moodle, reviewing and strengthening role-based access controls, and monitoring for unauthorized wiki access attempts. Additional protective measures include disabling unnecessary blocks for student users, implementing network segmentation, and conducting regular security audits of wiki content and access logs. The remediation process should also involve comprehensive user access reviews and ensuring proper role assignments to prevent similar privilege escalation scenarios in other subsystems.