Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2012-6102
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
CVE-2012-6100
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
CVE-2012-6099
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
CVE-2012-5481
Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page.
CVE-2012-5481
Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass ...
CVE-2012-5480
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.
CVE-2012-5480
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x befor ...
CVE-2012-5479
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.
CVE-2012-5479
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2012-6102 lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. | CVSS2: 6.4 | 0% Низкий | около 13 лет назад |
| CVE-2012-6100 report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. | CVSS2: 4 | 0% Низкий | около 13 лет назад |
| CVE-2012-6099 The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. | CVSS2: 4 | 0% Низкий | около 13 лет назад |
| CVE-2012-6112 classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. | CVSS2: 5 | 1% Низкий | около 13 лет назад |
 | CVE-2012-5481 Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. | CVSS2: 4 | 0% Низкий | около 13 лет назад |
| CVE-2012-5481 Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass ... | CVSS2: 4 | 0% Низкий | около 13 лет назад |
| CVE-2012-5480 The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | CVSS2: 6.4 | 0% Низкий | около 13 лет назад |
| CVE-2012-5480 The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x befor ... | CVSS2: 6.4 | 0% Низкий | около 13 лет назад |
| CVE-2012-5479 The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | CVSS2: 6.5 | 1% Низкий | около 13 лет назад |
| CVE-2012-5479 The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, ... | CVSS2: 6.5 | 1% Низкий | около 13 лет назад |
Уязвимостей на страницу