| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 4.1.14 | 4.1.14 |
| moodle/moodle | composer | >= 4.2.0, < 4.2.11 | 4.2.11 |
| moodle/moodle | composer | >= 4.3.0, < 4.3.8 | 4.3.8 |
| moodle/moodle | composer | >= 4.4.0, < 4.4.4 | 4.4.4 |

The vulnerability stems from missing authorization checks when accessing report schedules. Moodle's report builder component handles scheduled reports, and the external API endpoints (like `get.php`) would be responsible for fetching schedule data. The vulnerability suggests these endpoints didn't verify 'edit' permissions before returning data. The model class that retrieves schedule records would also be involved in data access without proper capability checks. Confidence is medium as these are common patterns in Moodle's architecture, though exact patch details are unavailable.