Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 535
CVE-2014-0009
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4. ...
CVE-2014-0008
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
CVE-2014-0008
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x b ...
CVE-2014-0008
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
CVE-2014-0009
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request.
CVE-2014-0010
Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.
CVE-2013-4525
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question.
CVE-2013-4525
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/ ...
CVE-2013-4524
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.
CVE-2013-4524
Directory traversal vulnerability in repository/filesystem/lib.php in ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2014-0009 course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4. ... | CVSS2: 5.5 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-0008 lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | CVSS2: 4 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0008 lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x b ... | CVSS2: 4 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-0008 lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | CVSS2: 4 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0009 course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request. | CVSS2: 5.5 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0010 Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
| CVE-2013-4525 Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question. | CVSS2: 3.5 | 0% Низкий | больше 11 лет назад |
| CVE-2013-4525 Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/ ... | CVSS2: 3.5 | 0% Низкий | больше 11 лет назад |
| CVE-2013-4524 Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path. | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
| CVE-2013-4524 Directory traversal vulnerability in repository/filesystem/lib.php in ... | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
Уязвимостей на страницу