VYPR
Medium severity6.5NVD Advisory· Published Nov 26, 2018· Updated Jun 17, 2026

CVE-2018-16854

CVE-2018-16854

Description

A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
>= 3.1, < 3.1.153.1.15
moodle/moodlePackagist
>= 3.3, < 3.3.93.3.9
moodle/moodlePackagist
>= 3.4, < 3.4.63.4.6
moodle/moodlePackagist
>= 3.5, < 3.5.33.5.3

Affected products

1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.