Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2022-0332
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
CVE-2022-0333
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
BDU:2023-03479
Уязвимость компонента mod_h5pactivity виртуальной обучающей среды Moodle, позволяющая нарушителю выполнять произвольные SQL-запросы в базе данных
BDU:2022-06382
Уязвимость плагина H5P виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
GHSA-9328-7pcw-vw69
Cross-Site Request Forgery in Moodle
GHSA-8jhp-2gcr-qw96
Moodle vulnerable to RCE via unsafe deserialization
GHSA-wpfp-q843-v772
Cross-site Scripting in moodle
CVE-2021-43560
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
CVE-2021-43560
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...
CVE-2021-43559
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2022-0332 A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | CVSS3: 9.8 | 3% Низкий | около 4 лет назад |
| CVE-2022-0333 A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events. | CVSS3: 3.8 | 0% Низкий | около 4 лет назад |
 | BDU:2023-03479 Уязвимость компонента mod_h5pactivity виртуальной обучающей среды Moodle, позволяющая нарушителю выполнять произвольные SQL-запросы в базе данных | CVSS3: 9.8 | 3% Низкий | около 4 лет назад |
| BDU:2022-06382 Уязвимость плагина H5P виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 4.3 | 0% Низкий | около 4 лет назад |
| GHSA-9328-7pcw-vw69 Cross-Site Request Forgery in Moodle | CVSS3: 6.5 | 0% Низкий | около 4 лет назад |
| GHSA-8jhp-2gcr-qw96 Moodle vulnerable to RCE via unsafe deserialization | CVSS3: 9.8 | 1% Низкий | около 4 лет назад |
| GHSA-wpfp-q843-v772 Cross-site Scripting in moodle | CVSS3: 6.1 | 0% Низкий | около 4 лет назад |
 | CVE-2021-43560 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-43560 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ... | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| CVE-2021-43559 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | CVSS3: 8.8 | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу