Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 475
CVE-2024-43437
A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.
CVE-2024-43435
A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.
GHSA-wwjf-gwrv-wh45
Moodle's IDOR in badges allows deletion of arbitrary badges
GHSA-qrqv-26gf-xgwh
Moodle LFI vulnerability when restoring malformed block backups
GHSA-v6f4-v8h8-3c87
Moodle Remote Code Execution vulnerability
GHSA-x87r-37q5-mmr8
Moodle has CSRF risk in Feedback non-respondents report
GHSA-2r9m-wg35-rfvc
Moodle vulnerable to cache poisoning via injection into storage
CVE-2024-43440
A flaw was found in moodle. A local file may include risks when restoring block backups.
CVE-2024-43440
A flaw was found in moodle. A local file may include risks when restor ...
CVE-2024-43434
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2024-43437 A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files. | CVSS3: 5.4 | 0% Низкий | 9 месяцев назад |
| CVE-2024-43435 A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary. | CVSS3: 5.3 | 0% Низкий | 9 месяцев назад |
| GHSA-wwjf-gwrv-wh45 Moodle's IDOR in badges allows deletion of arbitrary badges | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| GHSA-qrqv-26gf-xgwh Moodle LFI vulnerability when restoring malformed block backups | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| GHSA-v6f4-v8h8-3c87 Moodle Remote Code Execution vulnerability | CVSS3: 8.1 | 88% Высокий | 9 месяцев назад |
| GHSA-x87r-37q5-mmr8 Moodle has CSRF risk in Feedback non-respondents report | CVSS3: 8.1 | 0% Низкий | 9 месяцев назад |
| GHSA-2r9m-wg35-rfvc Moodle vulnerable to cache poisoning via injection into storage | CVSS3: 7.7 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-43440 A flaw was found in moodle. A local file may include risks when restoring block backups. | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| CVE-2024-43440 A flaw was found in moodle. A local file may include risks when restor ... | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
| CVE-2024-43434 The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability. | CVSS3: 8.1 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу