Hmmmm ... strange ... but wonder if what you ran found another app (CMME stands for Conent Management Made Easy) - evidenly, made easy to exploit also! ;) Maybe it's a 'false positive' reported by IBM Rational AppScan 220.127.116.11?
Is your version of Moodle the highest/most secure of the series you run?
Usually, one might find similar reference in another ... like:
'spirit of sharing', Ken