Several vulnerabilties have been discovered in phpCAS, a CAS client library for PHP. The Moodle course management system includes a copy of phpCAS.