Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 535
CVE-2011-4586
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2011-4588
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.
CVE-2011-4591
Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states.
CVE-2011-4582
Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.
CVE-2011-4593
Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.
CVE-2011-4583
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
CVE-2011-4581
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.
CVE-2011-4590
The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server.
CVE-2012-0801
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.
CVE-2012-0801
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 d ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2011-4586 CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | CVSS2: 5 | 0% Низкий | около 13 лет назад |
| CVE-2011-4588 The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request. | CVSS2: 5 | 0% Низкий | около 13 лет назад |
| CVE-2011-4591 Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states. | CVSS2: 4.3 | 0% Низкий | около 13 лет назад |
| CVE-2011-4582 Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | CVSS2: 4.9 | 0% Низкий | около 13 лет назад |
| CVE-2011-4593 Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface. | CVSS2: 4 | 0% Низкий | около 13 лет назад |
| CVE-2011-4583 Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | CVSS2: 6.5 | 0% Низкий | около 13 лет назад |
| CVE-2011-4581 mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | CVSS2: 4 | 0% Низкий | около 13 лет назад |
| CVE-2011-4590 The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | CVSS2: 4 | 0% Низкий | около 13 лет назад |
 | CVE-2012-0801 lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | CVSS2: 7.5 | 0% Низкий | около 13 лет назад |
| CVE-2012-0801 lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 d ... | CVSS2: 7.5 | 0% Низкий | около 13 лет назад |
Уязвимостей на страницу