VYPR
Medium severity4.3NVD Advisory· Published May 22, 2016· Updated Jun 17, 2026

CVE-2016-2158

CVE-2016-2158

Description

lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
< 2.7.132.7.13
moodle/moodlePackagist
>= 2.8.0, < 2.8.112.8.11
moodle/moodlePackagist
>= 2.9.0, < 2.9.52.9.5
moodle/moodlePackagist
>= 3.0.0, < 3.0.33.0.3

Affected products

34
  • Moodle/Moodle33 versions
    cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 32 more
    • cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.6.11
    • cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 2.7.13

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.