High severity7.5NVD Advisory· Published Feb 22, 2016· Updated Jun 17, 2026
CVE-2015-5267
CVE-2015-5267
Description
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | < 2.7.10 | 2.7.10 |
moodle/moodlePackagist | >= 2.8.0, < 2.8.8 | 2.8.8 |
moodle/moodlePackagist | >= 2.9.0, < 2.9.2 | 2.9.2 |
Affected products
22cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.6.11
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-382v-gxj9-ffhcghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2015-5267ghsaADVISORY
- www.openwall.com/lists/oss-security/2015/09/21/1nvdWEB
- github.com/moodle/moodle/commit/289bc7f9e3022918b4cfd2cc9851472f0cea2896ghsaWEB
- github.com/moodle/moodle/commit/5337b2295237958c93b6c65fa595859aaa7bf257ghsaWEB
- github.com/moodle/moodle/commit/6e8224365ffcdf328458ea7852dc62574e806119ghsaWEB
- github.com/moodle/moodle/commit/e4ac3879c2d1f8fe66caa74ff1544248bccef61eghsaWEB
- web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619ghsaWEB
- www.securitytracker.com/id/1033619nvd
News mentions
0No linked articles in our index yet.