Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 511
CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
CVE-2017-7491
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...
CVE-2016-3733
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
CVE-2016-3733
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through ...
CVE-2016-3732
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
CVE-2016-3732
The capability check to access other badges in Moodle 3.0 through 3.0. ...
CVE-2016-3731
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.
CVE-2016-3731
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 al ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2017-7490 In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | CVSS3: 5.3 | 0% Низкий | больше 8 лет назад |
| CVE-2017-7491 In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
 | CVE-2016-3734 Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read. | CVSS3: 8.8 | 0% Низкий | больше 8 лет назад |
| CVE-2016-3734 Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ... | CVSS3: 8.8 | 0% Низкий | больше 8 лет назад |
| CVE-2016-3733 The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
| CVE-2016-3733 The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through ... | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
| CVE-2016-3732 The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
| CVE-2016-3732 The capability check to access other badges in Moodle 3.0 through 3.0. ... | CVSS3: 4.3 | 0% Низкий | больше 8 лет назад |
| CVE-2016-3731 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. | CVSS3: 5.3 | 0% Низкий | больше 8 лет назад |
| CVE-2016-3731 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 al ... | CVSS3: 5.3 | 0% Низкий | больше 8 лет назад |
Уязвимостей на страницу