Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 541

CVE-2018-1081

больше 7 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3 ...

CVSS3: 5.3

EPSS: Низкий

CVE-2018-1081

больше 7 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

CVSS3: 5.3

EPSS: Низкий

CVE-2018-1082

больше 7 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

CVSS3: 8.1

EPSS: Низкий

CVE-2018-1045

почти 8 лет назад

In Moodle 3.x, there is XSS via a calendar event name.

CVSS3: 5.4

EPSS: Низкий

CVE-2018-1045

почти 8 лет назад

In Moodle 3.x, there is XSS via a calendar event name.

CVSS3: 5.4

EPSS: Низкий

CVE-2018-1044

почти 8 лет назад

In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.

CVSS3: 4.3

EPSS: Низкий

CVE-2018-1044

почти 8 лет назад

In Moodle 3.x, quiz web services allow students to see quiz results wh ...

CVSS3: 4.3

EPSS: Низкий

CVE-2018-1043

почти 8 лет назад

In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.

CVSS3: 6.5

EPSS: Низкий

CVE-2018-1043

почти 8 лет назад

In Moodle 3.x, the setting for blocked hosts list can be bypassed with ...

CVSS3: 6.5

EPSS: Низкий

CVE-2018-1042

почти 8 лет назад

Moodle 3.x has Server Side Request Forgery in the filepicker.

CVSS3: 6.5

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2018-1081 A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3 ...	CVSS3: 5.3	1% Низкий	больше 7 лет назад
CVE-2018-1081 A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.	CVSS3: 5.3	1% Низкий	больше 7 лет назад
CVE-2018-1082 A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.	CVSS3: 8.1	2% Низкий	больше 7 лет назад
CVE-2018-1045 In Moodle 3.x, there is XSS via a calendar event name.	CVSS3: 5.4	0% Низкий	почти 8 лет назад
CVE-2018-1045 In Moodle 3.x, there is XSS via a calendar event name.	CVSS3: 5.4	0% Низкий	почти 8 лет назад
CVE-2018-1044 In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.	CVSS3: 4.3	0% Низкий	почти 8 лет назад
CVE-2018-1044 In Moodle 3.x, quiz web services allow students to see quiz results wh ...	CVSS3: 4.3	0% Низкий	почти 8 лет назад
CVE-2018-1043 In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.	CVSS3: 6.5	0% Низкий	почти 8 лет назад
CVE-2018-1043 In Moodle 3.x, the setting for blocked hosts list can be bypassed with ...	CVSS3: 6.5	0% Низкий	почти 8 лет назад
CVE-2018-1042 Moodle 3.x has Server Side Request Forgery in the filepicker.	CVSS3: 6.5	19% Средний	почти 8 лет назад

Уязвимостей на страницу