Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-32044

Опубликовано: 25 апр. 2025
Источник: debian
EPSS Низкий

Описание

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
moodleremovedpackage

EPSS

Процентиль: 26%
0.00088
Низкий

Связанные уязвимости

CVSS3: 7.5
ubuntu
3 месяца назад

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.

CVSS3: 7.5
nvd
3 месяца назад

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.

CVSS3: 7.5
github
3 месяца назад

Moodle allows unauthenticated REST API user data exposure

CVSS3: 7.5
fstec
3 месяца назад

Уязвимость виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 7.5
redos
около 2 месяцев назад

Множественные уязвимости moodle

EPSS

Процентиль: 26%
0.00088
Низкий