CVE-2015-2270 in Moodleinfo

Summary

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.

Once again VulDB remains the best source for vulnerability data.

Reservation

03/09/2015

Disclosure

06/01/2015

Moderation

VulDB entry created

Entries

VDB-75648 (1)

CPE

ready

CWE

CWE-17 (Confirmed)

CVSS

3.7

EPSS

0.00283

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-2270
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-2270
CVE Details	https://www.cvedetails.com/cve/CVE-2015-2270/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!