Moodle Directory Listing Vulnerability in Error Handling of Router Component

Vulnerability

A vulnerability in the Moodle router (r.php) has been identified, where improper error handling can lead to the application unintentionally disclosing internal directory listings. This issue arises when certain HTTP headers are not correctly configured, potentially exposing the file structure or sensitive application information. The vulnerability affects Moodle versions 5.0 prior to 5.0.3 and 4.5 prior to 4.5.7.

Impact

Exploitation of this vulnerability can result in the exposure of internal directory listings, which may include sensitive information such as application files, source code, or other data that could be leveraged for further exploitation.

Remediation

Users can upgrade to Moodle versions 5.0.3 or 4.5.7 to address this vulnerability.
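To triage which installations still need the upgrade, the following added example (not code from Moodle or from this advisory) classifies a site by the `$release` line of its `version.php` against the two affected ranges stated above. The function names, hostnames and sample strings are constructed for illustration, and it assumes weekly `+` builds are judged by their base release number.

```python
import re

# Affected branches per the advisory above: branch -> first fixed release.
FIRST_FIXED = {(5, 0): (5, 0, 3), (4, 5): (4, 5, 7)}

# Matches the $release assignment in version.php, e.g.
#   $release = '4.5.6+ (Build: 20250905)';
RELEASE_RE = re.compile(r"""\$release\s*=\s*['"](\d+)\.(\d+)(?:\.(\d+))?""")


def parse_release(version_php_text):
    """Return (major, minor, patch) from version.php text, or None."""
    match = RELEASE_RE.search(version_php_text)
    if match is None:
        return None
    major, minor, patch = match.groups()
    # A release such as '5.0' has no patch component; treat it as .0.
    return int(major), int(minor), int(patch or 0)


def classify(version_php_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown'."""
    release = parse_release(version_php_text)
    if release is None:
        return "unknown"
    first_fixed = FIRST_FIXED.get(release[:2])
    if first_fixed is None:
        return "not-listed"  # branch not named in the advisory
    # Assumption: weekly '+' builds are judged by their base release number.
    return "affected" if release < first_fixed else "fixed"


# Constructed sample inventory (hostnames and build stamps are made up).
SAMPLES = {
    "lms-a.example": "$release = '5.0.2+ (Build: 20250101)';",
    "lms-b.example": "$release  = '5.0 (Build: 20250101)';",
    "lms-c.example": '$release = "4.5.7 (Build: 20250101)";',
    "lms-d.example": "$release = '4.4.9 (Build: 20250101)';",
    "lms-e.example": "// version.php unreadable or truncated",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(f"{host}: {classify(text)}")
```

A result of `not-listed` means only that the advisory does not name that branch; it says nothing about whether the branch is safe.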

Added: Oct 23, 2025, 12:20 PM
Updated: Oct 23, 2025, 12:20 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 2.5
exploitability: 9.5
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.