14 matches found
CVE-2025-65670
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...
EUVD-2025-199756
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...
CVE-2025-65670
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...
PT-2025-48186
Name of the Vulnerable Software and Affected Versions: classroomio version 0.1.13. Description: An Insecure Direct Object Reference (IDOR) exists in classroomio version 0.1.13. This allows students to access sensitive admin and teacher endpoints by manipulating course IDs in URLs. This can lead to the...
📄 Classroomio LMS 0.1.13 Insecure Direct Object Reference
Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities. CVE-2025-65670: An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in...
CVE-2025-62397
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...
UBUNTU-CVE-2025-62397
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...
Observable Response Discrepancy
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Observable Response Discrepancy in the router. An attacker can determine the existence of specific course IDs by analyzing the different responses returned for valid and invalid IDs. Remediation...
CVE-2025-62397 Moodle: router produces json instead of 404 error for invalid course id
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...
EUVD-2025-35670
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...
Moodle Security Vulnerability
Moodle is a free e-learning software platform from the Moodle open source suite, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from inconsistent router responses to invalid course IDs,...
PT-2025-43445
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. This could assist...
Moodle Multiple Vulnerabilities (MSA-25-0041, MSA-25-0046)
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; if(description)...
CVE-2025-62397
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...