Primary

Context

Moodle User Data Exposure Vulnerability via Unauthenticated API Calls

Vulnerability

Patched

A vulnerability exists in Moodle versions 4.5 to 4.5.2, allowing unauthenticated users to access sensitive user information, such as names, contact details, and hashed passwords. This data exposure occurs through stack traces generated by certain API calls. However, sites with PHP configured to ignore exception arguments are not vulnerable.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user information, including names, contact details, and hashed passwords.

Remediation

Users can upgrade to Moodle version 4.5.3 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

7.4

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

7.4

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Moodle User Data Exposure Vulnerability via Unauthenticated API Calls

Vulnerability

Impact

Remediation

Affected Products

Moodle

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating