Medium severity6.5NVD Advisory· Published Nov 26, 2018· Updated Jun 17, 2026
CVE-2018-16854
CVE-2018-16854
Description
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 3.1, < 3.1.15 | 3.1.15 |
moodle/moodlePackagist | >= 3.3, < 3.3.9 | 3.3.9 |
moodle/moodlePackagist | >= 3.4, < 3.4.6 | 3.4.6 |
moodle/moodlePackagist | >= 3.5, < 3.5.3 | 3.5.3 |
Affected products
1Patches
Vulnerability mechanics
References
6- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/106017nvdThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1042154nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-xj5f-qv37-r9jcghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-16854ghsaADVISORY
News mentions
0No linked articles in our index yet.