mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.
2016-02-22T05:59:19.577
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 4.3 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | moodle | moodle | ≤ 2.6.11 | Yes |
| Application | moodle | moodle | 2.7.0 | Yes |
| Application | moodle | moodle | 2.7.1 | Yes |
| Application | moodle | moodle | 2.7.2 | Yes |
| Application | moodle | moodle | 2.7.3 | Yes |
| Application | moodle | moodle | 2.7.4 | Yes |
| Application | moodle | moodle | 2.7.5 | Yes |
| Application | moodle | moodle | 2.7.6 | Yes |
| Application | moodle | moodle | 2.7.7 | Yes |
| Application | moodle | moodle | 2.7.8 | Yes |
| Application | moodle | moodle | 2.7.9 | Yes |
| Application | moodle | moodle | 2.7.10 | Yes |
| Application | moodle | moodle | 2.8.0 | Yes |
| Application | moodle | moodle | 2.8.1 | Yes |
| Application | moodle | moodle | 2.8.2 | Yes |
| Application | moodle | moodle | 2.8.3 | Yes |
| Application | moodle | moodle | 2.8.4 | Yes |
| Application | moodle | moodle | 2.8.5 | Yes |
| Application | moodle | moodle | 2.8.6 | Yes |
| Application | moodle | moodle | 2.8.7 | Yes |
| Application | moodle | moodle | 2.8.8 | Yes |
| Application | moodle | moodle | 2.9.0 | Yes |
| Application | moodle | moodle | 2.9.1 | Yes |
| Application | moodle | moodle | 2.9.2 | Yes |