Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 647

GHSA-3m99-h3hp-w9j7

больше 3 лет назад

Moodle remote code execution via quiz questions

EPSS: Низкий

GHSA-fccf-p8fx-vjj4

больше 3 лет назад

Moodle vulnerable to PHP object injection attacks

EPSS: Низкий

GHSA-hwjv-mc78-cccj

больше 3 лет назад

Moodle multiple cross-site scripting (XSS) vulnerabilities

EPSS: Низкий

GHSA-x47x-gxp5-7pvg

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task.

EPSS: Низкий

GHSA-x92j-j6qp-c93p

больше 3 лет назад

In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.

CVSS3: 5.3

EPSS: Низкий

GHSA-xmwv-mqh8-4xgw

больше 3 лет назад

Moodle allows remote attackers to read arbitrary files

EPSS: Низкий

GHSA-2hh3-jmv8-5fmx

больше 3 лет назад

Moodle Does Not Escape Characters In Email Headers

CVSS3: 5.4

EPSS: Низкий

GHSA-2phx-w35g-x9vm

больше 3 лет назад

Moodle Weak Password Recovery Mechanism for Forgotten Password

CVSS3: 7.3

EPSS: Низкий

GHSA-gccq-w3xv-4gqh

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.

EPSS: Низкий

GHSA-x32v-7qw8-cpq8

больше 3 лет назад

Moodle Unauthenticated Access

CVSS3: 5.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
GHSA-3m99-h3hp-w9j7 Moodle remote code execution via quiz questions		1% Низкий	больше 3 лет назад
GHSA-fccf-p8fx-vjj4 Moodle vulnerable to PHP object injection attacks		2% Низкий	больше 3 лет назад
GHSA-hwjv-mc78-cccj Moodle multiple cross-site scripting (XSS) vulnerabilities		0% Низкий	больше 3 лет назад
GHSA-x47x-gxp5-7pvg Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task.		0% Низкий	больше 3 лет назад
GHSA-x92j-j6qp-c93p In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.	CVSS3: 5.3	0% Низкий	больше 3 лет назад
GHSA-xmwv-mqh8-4xgw Moodle allows remote attackers to read arbitrary files		0% Низкий	больше 3 лет назад
GHSA-2hh3-jmv8-5fmx Moodle Does Not Escape Characters In Email Headers	CVSS3: 5.4	0% Низкий	больше 3 лет назад
GHSA-2phx-w35g-x9vm Moodle Weak Password Recovery Mechanism for Forgotten Password	CVSS3: 7.3	0% Низкий	больше 3 лет назад
GHSA-gccq-w3xv-4gqh Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.		0% Низкий	больше 3 лет назад
GHSA-x32v-7qw8-cpq8 Moodle Unauthenticated Access	CVSS3: 5.3	0% Низкий	больше 3 лет назад

Уязвимостей на страницу