Moodle JSON Response Vulnerability for Invalid Course IDs

Vulnerability

A vulnerability in Moodle's router handling of course IDs has been identified. When the router receives an invalid (non-existent) course ID, it responds with JSON data instead of the expected HTTP 404 error. Because requests for valid and invalid IDs are answered differently and in an unexpected format, an attacker can distinguish existing courses from non-existent ones, which aids reconnaissance. The vulnerability affects Moodle versions 5.0 through 5.0.2 and has been fixed in version 5.0.3.

Impact

Exploitation of this vulnerability could allow an attacker to enumerate valid course IDs, which could be used for further reconnaissance or for targeted attacks against the courses identified. No authentication bypass or data modification results from the flaw itself; its value to an attacker is the information it leaks.

Reproduction

To reproduce this vulnerability, send a request to a router-served course URL using a course ID that does not exist (for example, an integer far above any course ID on the site). Observe that the response carries JSON data instead of a standard 404 error. Comparing that response with the one returned for a known-valid course ID confirms the inconsistency. On Moodle 5.0.3 the same request for a non-existent ID returns a 404.
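The following probe automates the check described above. It is an added example, not Moodle code or part of the original advisory. The route template COURSE_ROUTE is an assumption (the advisory does not name the exact router path), and the classification rule is the one a tester would apply from the advisory's wording: a non-404 answer whose body is JSON indicates the pre-5.0.3 behaviour, a plain 404 indicates the fixed behaviour, and anything else (a login redirect, an HTML error page) is reported as inconclusive rather than guessed at.

```python
"""Probe a Moodle site for the router behaviour described in this advisory:
a request for a non-existent course ID answered with JSON instead of HTTP 404.

Added example, not Moodle's own code. COURSE_ROUTE is an assumed path.
"""
import json
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass

# Assumption: path template of a router-served course URL. The advisory does
# not name the route, so adjust this to the one your instance exposes.
COURSE_ROUTE = "/course/{course_id}"

# Moodle course IDs are small sequential integers, so a very large value is a
# safe choice for an ID that is known not to exist.
DEFAULT_INVALID_ID = 999_999_999


@dataclass
class Probe:
    """What we keep from one HTTP exchange."""
    status: int
    content_type: str
    body: bytes


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: a 302 to the login page is itself a result."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def looks_like_json(probe: Probe) -> bool:
    """True when the server declares JSON or the body parses as JSON."""
    if "json" in probe.content_type.lower():
        return True
    try:
        json.loads(probe.body.decode("utf-8"))
        return True
    except ValueError:  # UnicodeDecodeError and JSONDecodeError both subclass it
        return False


def classify(invalid: Probe) -> str:
    """Classify the answer to a request for a course ID known not to exist.

    'fixed'      - HTTP 404, the behaviour the advisory attributes to 5.0.3.
    'vulnerable' - any non-404 status with a JSON body (5.0 to 5.0.2 behaviour).
    'unclear'    - anything else, e.g. a redirect to login or an HTML error page;
                   re-test with an authenticated session before drawing conclusions.
    """
    if invalid.status == 404:
        return "fixed"
    if looks_like_json(invalid):
        return "vulnerable"
    return "unclear"


def fetch(base_url: str, course_id: int, timeout: float = 10.0) -> Probe:
    """GET the course route and capture status, Content-Type and body.

    HTTP error statuses are captured rather than raised so a 404 can be inspected.
    """
    url = base_url.rstrip("/") + COURSE_ROUTE.format(course_id=course_id)
    req = urllib.request.Request(url, headers={"Accept": "application/json, text/html"})
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return Probe(resp.status, resp.headers.get("Content-Type", ""), resp.read())
    except urllib.error.HTTPError as err:
        return Probe(err.code, err.headers.get("Content-Type", ""), err.read())


def check_site(base_url: str, invalid_id: int = DEFAULT_INVALID_ID) -> str:
    """Run the probe against a live site and return the classification."""
    return classify(fetch(base_url, invalid_id))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py https://moodle.example.org")
    print(check_site(sys.argv[1]))
```

Run it against a test instance you are authorised to probe; the verdict printed is the classification string. A result of "unclear" usually means the route requires a session, so repeat the request with a valid login cookie before concluding anything.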

Remediation

Upgrade to Moodle version 5.0.3, where this vulnerability has been fixed. Installations on 5.0 through 5.0.2 remain affected until upgraded.

Added: Oct 23, 2025, 12:20 PM
Updated: Oct 23, 2025, 12:20 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 9.5
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.