Hmmmm ... strange ... but wonder if what you ran found another app (CMME stands for Conent Management Made Easy) - evidenly, made easy to exploit also! ;) Maybe it's a 'false positive' reported by IBM Rational AppScan 8.5.0.1?
Is your version of Moodle the highest/most secure of the series you run?
Usually, one might find similar reference in another ... like:
http://www.cvedetails.com/vulnerability-list/vendor_id-2105/product_id-3590/
'spirit of sharing', Ken