
exploitDog

Moodle

Moodle: a system for managing online educational courses

Release cycle and vulnerability information

Product: Moodle
Vendor: moodle

Release schedule

[Chart: release timeline for versions 4.5, 5.0 and 5.1; axis years 2024 to 2028]

Recent Moodle vulnerabilities

Count: 2,647


| Source | Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|---|
| Ubuntu | CVE-2013-1835 | Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature. | CVSS2: 3.5 | 0% (Low) | almost 13 years ago |
| Ubuntu | CVE-2013-1831 | lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. | CVSS2: 5 | 0% (Low) | almost 13 years ago |
| Ubuntu | CVE-2013-1834 | notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. | CVSS2: 4 | 0% (Low) | almost 13 years ago |
| Ubuntu | CVE-2013-1830 | user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. | CVSS2: 5 | 0% (Low) | almost 13 years ago |
| NVD | CVE-2012-6112 | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. | CVSS2: 5 | 1% (Low) | about 13 years ago |
| Debian | CVE-2012-6112 | classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellcheck ... | CVSS2: 5 | 1% (Low) | about 13 years ago |
| NVD | CVE-2012-6106 | calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object. | CVSS2: 5.5 | 0% (Low) | about 13 years ago |
| Debian | CVE-2012-6106 | calendar/managesubscriptions.php in the Manage Subscriptions implement ... | CVSS2: 5.5 | 0% (Low) | about 13 years ago |
| NVD | CVE-2012-6105 | blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. | CVSS2: 5 | 0% (Low) | about 13 years ago |
| Debian | CVE-2012-6105 | blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3 ... | CVSS2: 5 | 0% (Low) | about 13 years ago |

