Search Our Site

We have 3,783,550 registered online learners.
136 new learners so far today.

Vulnerabilities in Moodle LMS puts e-Learners at risk

schedule 11th April 2017 by Virtual College in Virtual College Last updated on 24th April 2018

Moodle LMS system has put e-learning companies at risk

Thousands of businesses that use the Moodle learning management system (LMS) could be at risk of a malicious data breach, it has been reported.

In March, the platform, which allows businesses and organisations to set up websites and online courses, released updates. Along with this, Moodle developers noted that a number of security-related issues were resolved, but did not state any further details, raising questions about the nature and impact of these security issues.

In total, the eLearning platform has over 78,000 websites spanning 234 countries with 100 million users. This means that those using Moodle should act quickly to resolve any issues that could potentially allow attackers to take over web servers.

The extent and severity of these security flaws were revealed later in the month following a blog post from security researcher Netanel Rubin, who found that the flaws allowed attackers to create hidden administrative accounts and execute malicious PHP code on the underlying server.

The data breach takes advantage of incorrect assumptions by the Moodle developers, this included a “logic flaw, an object injection, a double SQL injection, and an overly permissive administrative dashboard”, described Mr Rubin.

He believed that this issue derives from the reimplementation of a specific function without considering decisions made by the original function’s developers.

Mr Rubin said that this is a result of "having too much code, too many developers and lacking documentation".

"Keep in mind that logical vulnerabilities can and will occur in almost all systems featuring a large code base. Security issues in large code bases is, of course, not Moodle specific."

Attackers gaining access to the Moodle platform is dangerous not only because they could install a PHP backdoor by uploading vicious plug-ins or templates, but also because Moodle installations store sensitive and private information about businesses and eLearners taking online courses.


Virtual College Logo

Author: Virtual College

The latest training news brought to you by Virtual College. We create innovative digital learning experiences that inspire people to develop the skills they need to thrive in their careers; enhancing and enriching the organisations they work in. For 24 years, we have been developing and supplying collaborative, customer-focused e-learning technology for organisations world-wide.

ISO 9001:2015
Crown Commercial Service Supplier
LPI Accredited Learning Technologies Provider


+44 (0)1943 605 976

Virtual College

Marsel House


West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.


We are in the process of moving to one Virtual College website. If you want to go back to a course, or start a course, bought from our old website then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.


You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.