PatchSiren cyber security CVE debrief
CVE-2016-5013 Moodle CVE debrief
CVE-2016-5013 describes a text injection flaw in Moodle email header handling that could be abused to influence outbound email content and potentially cause spam to be sent from a vulnerable site. NVD rates the issue as medium severity, with network exposure but requiring user interaction. The practical risk is most relevant for organizations that rely on Moodle-generated mail and want to protect sender reputation and message integrity.
- Vendor: Moodle
- Product: CVE-2016-5013
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-20
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-20
- Advisory updated: 2026-05-13
Who should care
Moodle administrators, hosted-learning platform operators, security teams, and mail/system administrators who manage outbound email from Moodle instances.
Technical summary
NVD classifies the weakness as CWE-74 (improper neutralization of special elements in output used by a downstream component). The published CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N, indicating a remotely reachable issue with low complexity and no privileges, but one that depends on user interaction. The NVD record marks a broad set of Moodle releases as vulnerable, including 2.7.14 and multiple 2.8.x, 2.9.x, 3.0.x, and 3.1.0 entries. The expected impact is limited to confidentiality/integrity at a low level, with no direct availability impact recorded.
Defensive priority
Medium. The issue is not a high-severity takeover or code execution flaw, but it can affect outbound mail trust, cause spam abuse, and create reputational or operational noise for affected Moodle deployments.
Recommended defensive actions
- Check whether your Moodle deployment falls within the affected ranges listed by NVD for CVE-2016-5013.
- Apply the vendor mitigation or patch guidance referenced by Moodle.
- Review any custom plugins, themes, or integrations that pass user-controlled data into outbound email headers.
- Monitor outbound mail logs for suspicious header content, abnormal message volume, or unexpected recipients.
- Confirm that your mail-sending path sanitizes header values and rejects newline/header injection characters.
- Retest after remediation to verify that Moodle-generated emails no longer accept injected header content.
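The following Python example is added here and is not Moodle's code or its patch. It shows a pre-send guard that rejects header fields containing line-break characters, plus a retest helper that lists headers in a captured message that the sender never set. All function names, the example.test address and the X-Injected-Marker header are constructed for illustration.

```python
import re
from email import message_from_string

# Added example: names and sample data are constructed, not Moodle code.
# CR, LF, NUL and other characters that some line splitters
# (for example Python's str.splitlines) treat as line boundaries.
LINE_BREAKS = re.compile(r"[\r\n\x00\x0b\x0c\x85\u2028\u2029]")
# RFC 5322 field name: printable ASCII without the colon.
FIELD_NAME = re.compile(r"[\x21-\x39\x3b-\x7e]+")


def unsafe_reasons(name, value):
    """Return why a header field must be rejected; an empty list means it is safe."""
    reasons = []
    if not FIELD_NAME.fullmatch(name):  # fullmatch: a trailing newline must not slip past
        reasons.append("field name is not printable ASCII without ':'")
    if LINE_BREAKS.search(value):
        reasons.append("value contains a line break or NUL")
    return reasons


def build_header_block(fields):
    """Serialize (name, value) pairs, refusing the whole message on any unsafe field."""
    for name, value in fields:
        reasons = unsafe_reasons(name, value)
        if reasons:
            raise ValueError(f"rejected header {name!r}: {'; '.join(reasons)}")
    return "".join(f"{name}: {value}\r\n" for name, value in fields)


def naive_header_block(fields):
    """Unsafe 'before' behaviour for comparison: concatenates values unchecked."""
    return "".join(f"{name}: {value}\r\n" for name, value in fields)


def unexpected_headers(raw_message, allowed_names):
    """Retest helper: header names in a captured message that the sender never set."""
    allowed = {n.lower() for n in allowed_names}
    parsed = message_from_string(raw_message)
    return [n for n in parsed.keys() if n.lower() not in allowed]


# Constructed test values: a clean subject and one carrying CRLF plus a marker header.
CLEAN = [("From", "Course Bot <noreply@example.test>"), ("Subject", "Forum digest")]
TAINTED = [("From", "Course Bot <noreply@example.test>"),
           ("Subject", "Forum digest\r\nX-Injected-Marker: 1")]
```

Run `unexpected_headers` against a message captured from a test mailbox after patching; a non-empty result means a user-controlled value still reached the header block unsanitized.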
Evidence notes
This debrief is based on the official NVD CVE record and linked references only. The NVD entry marks the vulnerability as Modified and provides CVSS v3.0 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N, CWE-74, and affected Moodle version criteria. The record also links to the Moodle vendor advisory/mitigation discussion and a SecurityFocus BID entry. No KEV listing or ransomware-campaign association is present in the supplied corpus.
Official resources
- CVE-2016-5013 CVE record (CVE.org)
- CVE-2016-5013 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Mitigation, Patch, Vendor Advisory
Publicly disclosed in the CVE/NVD record on 2017-01-20 and last modified on 2026-05-13 per the supplied timeline. The corpus does not indicate KEV inclusion, ransomware use, or any later exploit campaign.