Vulnerability Database

314,373

Total vulnerabilities in the database

CVE-2015-5264

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

  • Published: Feb 22, 2016
  • Updated: Nov 9, 2025
  • CVE: CVE-2015-5264
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

Software From Fixed in
Composer icon moodle / moodle 2.7.1 2.7.1.x
Composer icon moodle / moodle 2.8.3 2.8.3.x
Composer icon moodle / moodle 2.8.7 2.8.7.x
Composer icon moodle / moodle 2.7.6 2.7.6.x
Composer icon moodle / moodle 2.7.2 2.7.2.x
Composer icon moodle / moodle 2.7.4 2.7.4.x
Composer icon moodle / moodle 2.7.9 2.7.9.x
Composer icon moodle / moodle 2.8.4 2.8.4.x
Composer icon moodle / moodle 2.8.6 2.8.6.x
Composer icon moodle / moodle - 2.6.11.x
Composer icon moodle / moodle 2.7.5 2.7.5.x
Composer icon moodle / moodle 2.7.3 2.7.3.x
Composer icon moodle / moodle 2.7.0 2.7.0.x
Composer icon moodle / moodle 2.9.1 2.9.1.x
Composer icon moodle / moodle 2.8.1 2.8.1.x
Composer icon moodle / moodle 2.8.5 2.8.5.x
Composer icon moodle / moodle 2.7.8 2.7.8.x
Composer icon moodle / moodle 2.8.2 2.8.2.x
Composer icon moodle / moodle 2.7.7 2.7.7.x
Composer icon moodle / moodle 2.8.0 2.8.0.x
Composer icon moodle / moodle 2.9.0 2.9.0.x