Moodle — система управления образовательными электронными курсами

SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.

SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0 ...

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x bef ...

Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.

Cross-site scripting (XSS) vulnerability in repository/lib.php in Mood ...

mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.

mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x be ...

mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum.

mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2 ...