Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
CVE-2012-6101
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.
CVE-2012-6101
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2 ...
CVE-2012-6100
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
CVE-2012-6100
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2. ...
CVE-2012-6099
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
CVE-2012-6099
The moodle1 backup converter in backup/converter/moodle1/lib.php in Mo ...
CVE-2012-6098
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.
CVE-2012-6098
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x ...
CVE-2012-6105
blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed.
CVE-2012-6098
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2012-6101 Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php. | CVSS2: 5.8 | 0% Низкий | почти 13 лет назад |
| CVE-2012-6101 Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2 ... | CVSS2: 5.8 | 0% Низкий | почти 13 лет назад |
| CVE-2012-6100 report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-6100 report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2. ... | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-6099 The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-6099 The moodle1 backup converter in backup/converter/moodle1/lib.php in Mo ... | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-6098 grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-6098 grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x ... | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
 | CVE-2012-6105 blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. | CVSS2: 5 | 0% Низкий | почти 13 лет назад |
| CVE-2012-6098 grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
Уязвимостей на страницу