Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 577
CVE-2022-0333
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
CVE-2022-0332
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
CVE-2022-0335
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
BDU:2023-03479
Уязвимость компонента mod_h5pactivity виртуальной обучающей среды Moodle, позволяющая нарушителю выполнять произвольные SQL-запросы в базе данных
BDU:2022-06382
Уязвимость плагина H5P виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
GHSA-9328-7pcw-vw69
Cross-Site Request Forgery in Moodle
GHSA-wpfp-q843-v772
Cross-site Scripting in moodle
GHSA-8jhp-2gcr-qw96
Moodle vulnerable to RCE via unsafe deserialization
CVE-2021-43560
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
CVE-2021-43560
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2022-0333 A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events. | CVSS3: 3.8 | 0% Низкий | почти 4 года назад |
| CVE-2022-0332 A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | CVSS3: 9.8 | 4% Низкий | почти 4 года назад |
| CVE-2022-0335 A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk. | CVSS3: 8.8 | 0% Низкий | почти 4 года назад |
 | BDU:2023-03479 Уязвимость компонента mod_h5pactivity виртуальной обучающей среды Moodle, позволяющая нарушителю выполнять произвольные SQL-запросы в базе данных | CVSS3: 9.8 | 4% Низкий | почти 4 года назад |
| BDU:2022-06382 Уязвимость плагина H5P виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 4.3 | 0% Низкий | почти 4 года назад |
| GHSA-9328-7pcw-vw69 Cross-Site Request Forgery in Moodle | CVSS3: 6.5 | 0% Низкий | почти 4 года назад |
| GHSA-wpfp-q843-v772 Cross-site Scripting in moodle | CVSS3: 6.1 | 0% Низкий | почти 4 года назад |
| GHSA-8jhp-2gcr-qw96 Moodle vulnerable to RCE via unsafe deserialization | CVSS3: 9.8 | 3% Низкий | почти 4 года назад |
 | CVE-2021-43560 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
| CVE-2021-43560 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ... | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу