Vulnerability DatabaseCVE-2015-5264
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-5264
Published:February 22, 2016
Updated:May 17, 2026
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
Affected Packages
moodle/moodle (PHP):
Affected version(s) >=v2.9.0 <v2.9.2
Fix Suggestion:
Update to version v2.9.2
moodle/moodle (PHP):
Affected version(s) >=v2.8.0 <v2.8.8
Fix Suggestion:
Update to version v2.8.8
moodle/moodle (PHP):
Affected version(s) >=v2.7.0 <v2.7.10
Fix Suggestion:
Update to version v2.7.10
Related Resources (17)
https://nvd.nist.gov/vuln/detail/CVE-2015-5264
https://moodle.org/mod/forum/discuss.php?d=320287
https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d
http://www.openwall.com/lists/oss-security/2015/09/21/1
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356
https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869
https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca
https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84
https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619
https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4
https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc
https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840
https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091
http://www.securitytracker.com/id/1033619
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
EPSS
Base Score:
0.24