In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

The remote web server hosts Moodle, an open-source course management system.  Versions of Moodle 3.1.x prior to 3.1.1 are exposed to the following vulnerabilities :

 - A flaw exists that is due to the program failing to perform permission checks on Glossary searches.  This may allow a remote attacker to view entries via a glossary search. (CVE-2016-5012)
 - A flaw exists that may allow an authenticated remote attacker to inject email addresses into the intended recipients of an email by changing their username to include another user's email address.  This may result in other users potentially being saturated with emails. (CVE-2016-5013)
 - A flaw exists in the event monitor tool that is triggered as notifications are still sent to users even after they can no longer access classes.  This may allow an authenticated remote attacker to gain access to sensitive information in notifications. (CVE-2016-5014)

The remote web server hosts Moodle, an open-source course management system.  Versions of Moodle 3.0.x prior to 3.0.5 are exposed to the following vulnerabilities :

 - A flaw exists that may allow an authenticated remote attacker to inject email addresses into the intended recipients of an email by changing their username to include another user's email address.  This may result in other users potentially being saturated with emails. (CVE-2016-5013)
 - A flaw exists in the event monitor tool that is triggered as notifications are still sent to users even after they can no longer access classes.  This may allow an authenticated remote attacker to gain access to sensitive information in notifications. (CVE-2016-5014)

The remote web server hosts Moodle, an open-source course management system.  Versions of Moodle 2.9.x prior to 2.9.7 are exposed to the following vulnerabilities :

 - A flaw exists that may allow an authenticated remote attacker to inject email addresses into the intended recipients of an email by changing their username to include another user's email address.  This may result in other users potentially being saturated with emails. (CVE-2016-5013)
 - A flaw exists in the event monitor tool that is triggered as notifications are still sent to users even after they can no longer access classes.  This may allow an authenticated remote attacker to gain access to sensitive information in notifications. (CVE-2016-5014)

The remote web server hosts Moodle, an open-source course management system.  Versions of Moodle 2.7.x prior to 2.7.15 are affected by a flaw that may allow an authenticated remote attacker to inject email addresses into the intended recipients of an email by changing their username to include another user's email address.  This may result in other users potentially being saturated with emails. (CVE-2016-5013)

Marina Glancy reports :

- MSA-16-0019: Glossary search displays entries without checking user permissions to view them

- MSA-16-0020: Text injection in email headers

- MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course

ID	Name	Product	Family	Severity
9523	Moodle < 3.1.1 Multiple Vulnerabilities	Nessus Network Monitor	CGI	medium
9522	Moodle 3.0.x < 3.0.5 Multiple Vulnerabilities	Nessus Network Monitor	CGI	medium
9521	Moodle 2.9.x < 2.9.7 Multiple Vulnerabilities	Nessus Network Monitor	CGI	medium
9520	Moodle 2.7.x < 2.7.15 Remote Header Email Address Injection	Nessus Network Monitor	CGI	medium
92770	FreeBSD : moodle -- multiple vulnerabilities (3ddcb42b-5b78-11e6-b334-002590263bf5)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2016-5013

medium

Tenable Plugins

medium

medium

medium

medium

medium