Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 541

CVE-2011-4589

больше 13 лет назад

backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action.

CVSS2: 5.5

EPSS: Низкий

CVE-2011-4584

больше 13 лет назад

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.

CVSS2: 4

EPSS: Низкий

CVE-2011-4582

больше 13 лет назад

Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

CVSS2: 4.9

EPSS: Низкий

CVE-2011-4592

больше 13 лет назад

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.

CVSS2: 5

EPSS: Низкий

CVE-2012-0801

больше 13 лет назад

lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.

CVSS2: 7.5

EPSS: Низкий

CVE-2012-0801

больше 13 лет назад

lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 d ...

CVSS2: 7.5

EPSS: Низкий

CVE-2012-0800

больше 13 лет назад

The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device.

CVSS2: 2.1

EPSS: Низкий

CVE-2012-0800

больше 13 лет назад

The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2. ...

CVSS2: 2.1

EPSS: Низкий

CVE-2012-0799

больше 13 лет назад

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.

CVSS2: 4.3

EPSS: Низкий

CVE-2012-0799

больше 13 лет назад

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous fr ...

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2011-4589 backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action.	CVSS2: 5.5	0% Низкий	больше 13 лет назад
CVE-2011-4584 The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.	CVSS2: 4	0% Низкий	больше 13 лет назад
CVE-2011-4582 Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.	CVSS2: 4.9	0% Низкий	больше 13 лет назад
CVE-2011-4592 The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.	CVSS2: 5	0% Низкий	больше 13 лет назад
CVE-2012-0801 lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.	CVSS2: 7.5	0% Низкий	больше 13 лет назад
CVE-2012-0801 lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 d ...	CVSS2: 7.5	0% Низкий	больше 13 лет назад
CVE-2012-0800 The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device.	CVSS2: 2.1	0% Низкий	больше 13 лет назад
CVE-2012-0800 The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2. ...	CVSS2: 2.1	0% Низкий	больше 13 лет назад
CVE-2012-0799 Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.	CVSS2: 4.3	0% Низкий	больше 13 лет назад
CVE-2012-0799 Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous fr ...	CVSS2: 4.3	0% Низкий	больше 13 лет назад

Уязвимостей на страницу