Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
GHSA-q34m-x5mm-6rwc
Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.
BDU:2022-03182
Уязвимость реализации класса core_auth виртуальной обучающей среды Moodle, позволяющая нарушителю обойти ограничения безопасности
GHSA-j98x-965h-9v2h
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
GHSA-wwrq-jww7-39jq
Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.
GHSA-hwjw-22qj-gpvc
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results
GHSA-ccwc-3v75-qp35
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
GHSA-mrrv-fq8p-rp6j
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php
GHSA-p9hr-f4xj-8w8r
Moodle included private user files in course backups
GHSA-x2p9-f5fv-m7m7
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
GHSA-358r-g2xw-7c83
Moodle backs up private files
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-q34m-x5mm-6rwc Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. | 2% Низкий | больше 3 лет назад | |
 | BDU:2022-03182 Уязвимость реализации класса core_auth виртуальной обучающей среды Moodle, позволяющая нарушителю обойти ограничения безопасности | CVSS3: 9.8 | 2% Низкий | больше 3 лет назад |
| GHSA-j98x-965h-9v2h Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | 0% Низкий | больше 3 лет назад | |
| GHSA-wwrq-jww7-39jq Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. | 1% Низкий | больше 3 лет назад | |
| GHSA-hwjw-22qj-gpvc Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | 1% Низкий | больше 3 лет назад | |
| GHSA-ccwc-3v75-qp35 Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | 2% Низкий | больше 3 лет назад | |
| GHSA-mrrv-fq8p-rp6j Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | 1% Низкий | больше 3 лет назад | |
| GHSA-p9hr-f4xj-8w8r Moodle included private user files in course backups | CVSS3: 4.3 | 1% Низкий | больше 3 лет назад |
| GHSA-x2p9-f5fv-m7m7 Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 1% Низкий | больше 3 лет назад | |
| GHSA-358r-g2xw-7c83 Moodle backs up private files | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу