Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
CVE-2014-0127
The time-validation implementation in (1) mod/feedback/complete.php an ...
CVE-2014-0126
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.
CVE-2014-0125
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.
CVE-2014-0126
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise ...
CVE-2014-0125
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4 ...
CVE-2014-0124
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.
CVE-2014-0124
The identity-reporting implementations in mod/forum/renderer.php and m ...
CVE-2014-0123
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.
CVE-2014-0122
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.
CVE-2014-0122
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2 ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2014-0127 The time-validation implementation in (1) mod/feedback/complete.php an ... | CVSS2: 4.9 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-0126 Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file. | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0125 repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner. | CVSS2: 5.8 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0126 Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise ... | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0125 repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4 ... | CVSS2: 5.8 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0124 The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module. | CVSS2: 4 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0124 The identity-reporting implementations in mod/forum/renderer.php and m ... | CVSS2: 4 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0123 The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student. | CVSS2: 4.9 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0122 mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator. | CVSS2: 4.9 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0122 mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2 ... | CVSS2: 4.9 | 0% Низкий | больше 11 лет назад |
Уязвимостей на страницу