AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2016-2155: The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x

infovulnerability

security

Source: NVD/CVE DatabaseMay 22, 2016CVE-2016-2155

Summary

A security flaw in Moodle's grade-reporting feature called Singleview allowed users with the Non-Editing Instructor role to change grade exclusion settings even though they shouldn't have that permission. The vulnerability affected Moodle versions 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, because the system didn't properly check user permissions (moodle/grade:manage capability, which controls who can modify grades).

Solution / Mitigation

Update to Moodle 2.8.11, 2.9.5, or 3.0.3 or later, as referenced in the CVE description and the Moodle git repository commit tracking system.

Vulnerability Details

CVSS Score

4

EPSS (30-day exploit probability)

EPSS: 0.3%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-264

Original source: https://nvd.nist.gov/vuln/detail/CVE-2016-2155

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 95%