-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
Miggo AIRoot Cause AnalysisThe vulnerability stems from a line in mod/data/edit.php that explicitly sets $record->groupid = $currentgroup before updating the database entry. The patch removes this line, confirming it as the root cause. Since Moodle's edit.php uses procedural code rather than discrete functions for this logic, the vulnerability resides in the main script flow rather than a named function. The exposure occurs because groupid is overwritten during edits, potentially resetting it to 0 (no group), making entries visible across groups.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 2.5.9 | 2.5.9 |
| moodle/moodle | composer | >= 2.6.0, < 2.6.6 | 2.6.6 |
| moodle/moodle | composer | >= 2.7.0, < 2.7.3 | 2.7.3 |