BIT-moodle-2025-62397

Import Source

JSON Data

https://api.osv.dev/v1/vulns/BIT-moodle-2025-62397

Aliases

Published

2025-11-17T23:47:45.012Z

Modified

2025-11-18T00:27:49.627314Z

Summary

Moodle: router produces json instead of 404 error for invalid course id

Details

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.

Database specific

{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator