Логотип exploitDog
product: "moodle"
Консоль
Логотип exploitDog

exploitDog

product: "moodle"
Moodle

Moodleсистема управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle
Вендор: moodle

График релизов

4.55.05.120242025202620272028

Недавние уязвимости Moodle

Количество 2 647

ubuntu логотип

CVE-2018-1137

больше 7 лет назад

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

CVSS3: 8.1
EPSS: Низкий
ubuntu логотип

CVE-2018-1135

больше 7 лет назад

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2018-1133

больше 7 лет назад

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

CVSS3: 8.8
EPSS: Средний
nvd логотип

CVE-2018-1082

почти 8 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

CVSS3: 8.1
EPSS: Низкий
debian логотип

CVE-2018-1082

почти 8 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user a ...

CVSS3: 8.1
EPSS: Низкий
nvd логотип

CVE-2018-1081

почти 8 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

CVSS3: 5.3
EPSS: Низкий
debian логотип

CVE-2018-1081

почти 8 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3 ...

CVSS3: 5.3
EPSS: Низкий
ubuntu логотип

CVE-2018-1082

почти 8 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

CVSS3: 8.1
EPSS: Низкий
ubuntu логотип

CVE-2018-1081

почти 8 лет назад

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

CVSS3: 5.3
EPSS: Низкий
nvd логотип

CVE-2018-1045

около 8 лет назад

In Moodle 3.x, there is XSS via a calendar event name.

CVSS3: 5.4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
ubuntu логотип
CVE-2018-1137

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

CVSS3: 8.1
0%
Низкий
больше 7 лет назад
ubuntu логотип
CVE-2018-1135

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.

CVSS3: 6.5
0%
Низкий
больше 7 лет назад
ubuntu логотип
CVE-2018-1133

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

CVSS3: 8.8
64%
Средний
больше 7 лет назад
nvd логотип
CVE-2018-1082

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

CVSS3: 8.1
2%
Низкий
почти 8 лет назад
debian логотип
CVE-2018-1082

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user a ...

CVSS3: 8.1
2%
Низкий
почти 8 лет назад
nvd логотип
CVE-2018-1081

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

CVSS3: 5.3
1%
Низкий
почти 8 лет назад
debian логотип
CVE-2018-1081

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3 ...

CVSS3: 5.3
1%
Низкий
почти 8 лет назад
ubuntu логотип
CVE-2018-1082

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

CVSS3: 8.1
2%
Низкий
почти 8 лет назад
ubuntu логотип
CVE-2018-1081

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

CVSS3: 5.3
1%
Низкий
почти 8 лет назад
nvd логотип
CVE-2018-1045

In Moodle 3.x, there is XSS via a calendar event name.

CVSS3: 5.4
0%
Низкий
около 8 лет назад

Уязвимостей на страницу


Поделиться