Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 541

CVE-2012-4400

около 13 лет назад

repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.

CVSS2: 4

EPSS: Низкий

CVE-2012-4402

около 13 лет назад

webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.

CVSS2: 4.9

EPSS: Низкий

CVE-2012-4401

около 13 лет назад

Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.

CVSS2: 4

EPSS: Низкий

CVE-2012-4408

около 13 лет назад

course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.

CVSS2: 5.5

EPSS: Низкий

CVE-2012-3398

больше 13 лет назад

Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records.

CVSS2: 4

EPSS: Низкий

CVE-2012-3398

больше 13 лет назад

Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2. ...

CVSS2: 4

EPSS: Низкий

CVE-2012-3397

больше 13 лет назад

lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users.

CVSS2: 4

EPSS: Низкий

CVE-2012-3397

больше 13 лет назад

lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, ...

CVSS2: 4

EPSS: Низкий

CVE-2012-3396

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.

CVSS2: 3.5

EPSS: Низкий

CVE-2012-3396

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Mo ...

CVSS2: 3.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2012-4400 repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.	CVSS2: 4	0% Низкий	около 13 лет назад
CVE-2012-4402 webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.	CVSS2: 4.9	0% Низкий	около 13 лет назад
CVE-2012-4401 Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.	CVSS2: 4	0% Низкий	около 13 лет назад
CVE-2012-4408 course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.	CVSS2: 5.5	0% Низкий	около 13 лет назад
CVE-2012-3398 Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records.	CVSS2: 4	1% Низкий	больше 13 лет назад
CVE-2012-3398 Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2. ...	CVSS2: 4	1% Низкий	больше 13 лет назад
CVE-2012-3397 lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users.	CVSS2: 4	0% Низкий	больше 13 лет назад
CVE-2012-3397 lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, ...	CVSS2: 4	0% Низкий	больше 13 лет назад
CVE-2012-3396 Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.	CVSS2: 3.5	0% Низкий	больше 13 лет назад
CVE-2012-3396 Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Mo ...	CVSS2: 3.5	0% Низкий	больше 13 лет назад

Уязвимостей на страницу