BIT-MOODLE-2025-62397 Moodle: router produces json instead of 404 error for invalid course id

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

CVE-2025-62397

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

CVE-2025-62397

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

CVE-2025-62397

CVE-2025-62397 describes a router-side issue where responses to invalid course IDs are inconsistent, enabling an attacker to infer which course IDs exist (information disclosure for reconnaissance). The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network access with low confi...

CVE-2025-62397 Moodle: router produces json instead of 404 error for invalid course id

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

CVE-2025-62397 Moodle: router produces json instead of 404 error for invalid course id

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

EUVD-2025-35670

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

Moodle 安全漏洞

Moodle is a free e-learning software platform from the Moodle open source suite, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from inconsistent router responses to invalid course IDs,...

PT-2025-43445

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. This could assist...

CVE-2025-62397

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

CVE-2024-10612

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function removeHookInvalidCourse of the file /com/esafenet/servlet/system/HookInvalidCourseService.java. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...

EsafeNet CDG SQL注入漏洞

EsafeNet CDG is a document security management system from EsafeNet. A SQL injection vulnerability exists in EsafeNet CDG v5, which originates from the parameter id of the file /com/esafenet/servlet/system/HookInvalidCourseService.java that can lead to SQL injection...