Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 577
CVE-2021-43559
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
CVE-2021-43559
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...
CVE-2021-43558
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
CVE-2021-43558
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...
CVE-2021-3943
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.
CVE-2021-3943
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...
CVE-2021-43558
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
CVE-2021-3943
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.
CVE-2021-43559
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
CVE-2021-43560
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-43559 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | CVSS3: 8.8 | 0% Низкий | почти 4 года назад |
| CVE-2021-43559 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ... | CVSS3: 8.8 | 0% Низкий | почти 4 года назад |
| CVE-2021-43558 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | CVSS3: 6.1 | 0% Низкий | почти 4 года назад |
| CVE-2021-43558 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ... | CVSS3: 6.1 | 0% Низкий | почти 4 года назад |
| CVE-2021-3943 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | CVSS3: 9.8 | 3% Низкий | почти 4 года назад |
| CVE-2021-3943 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ... | CVSS3: 9.8 | 3% Низкий | почти 4 года назад |
 | CVE-2021-43558 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | CVSS3: 6.1 | 0% Низкий | почти 4 года назад |
| CVE-2021-3943 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | CVSS3: 9.8 | 3% Низкий | почти 4 года назад |
| CVE-2021-43559 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | CVSS3: 8.8 | 0% Низкий | почти 4 года назад |
| CVE-2021-43560 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | CVSS3: 5.3 | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу