EPSS
Percentile
34.9%
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50426
github.com/moodle/moodle
github.com/moodle/moodle/commit/cd0c9ac87d75b3d893d61df21e3ecfd12c065c1f
moodle.org/mod/forum/discuss.php?d=323228
nvd.nist.gov/vuln/detail/CVE-2015-5331