Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 541

CVE-2014-7833

почти 11 лет назад

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.

CVSS2: 4

EPSS: Низкий

CVE-2014-7833

почти 11 лет назад

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...

CVSS2: 4

EPSS: Низкий

CVE-2014-7832

почти 11 лет назад

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.

CVSS2: 4

EPSS: Низкий

CVE-2014-7832

почти 11 лет назад

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x b ...

CVSS2: 4

EPSS: Низкий

CVE-2014-7831

почти 11 лет назад

lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.

CVSS2: 4

EPSS: Низкий

CVE-2014-7831

почти 11 лет назад

lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not ...

CVSS2: 4

EPSS: Низкий

CVE-2014-7830

почти 11 лет назад

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.

CVSS2: 3.5

EPSS: Низкий

CVE-2014-7830

почти 11 лет назад

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php ...

CVSS2: 3.5

EPSS: Низкий

CVE-2014-7837

почти 11 лет назад

mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.

CVSS2: 5.5

EPSS: Низкий

CVE-2014-7836

почти 11 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.

CVSS2: 6.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2014-7833 mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.	CVSS2: 4	0% Низкий	почти 11 лет назад
CVE-2014-7833 mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...	CVSS2: 4	0% Низкий	почти 11 лет назад
CVE-2014-7832 mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.	CVSS2: 4	0% Низкий	почти 11 лет назад
CVE-2014-7832 mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x b ...	CVSS2: 4	0% Низкий	почти 11 лет назад
CVE-2014-7831 lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.	CVSS2: 4	0% Низкий	почти 11 лет назад
CVE-2014-7831 lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not ...	CVSS2: 4	0% Низкий	почти 11 лет назад
CVE-2014-7830 Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.	CVSS2: 3.5	0% Низкий	почти 11 лет назад
CVE-2014-7830 Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php ...	CVSS2: 3.5	0% Низкий	почти 11 лет назад
CVE-2014-7837 mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.	CVSS2: 5.5	1% Низкий	почти 11 лет назад
CVE-2014-7836 Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.	CVSS2: 6.8	0% Низкий	почти 11 лет назад

Уязвимостей на страницу