Vulnerability Database

324,311

Total vulnerabilities in the database

CVE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Published: Mar 11, 2022
Updated: Nov 16, 2025
CVE: CVE-2021-32476
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-770

Affected Software
References

Software	From	Fixed in
moodle / moodle	3.10.0	3.10.4
moodle / moodle	3.9.0	3.9.7
moodle / moodle	3.8.0	3.8.9
moodle / moodle	-	3.5.18

https://moodle.org/mod/forum/discuss.php?d=422310

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo