Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 470

CVE-2011-4283

почти 13 лет назад

Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.

CVSS2: 5

EPSS: Низкий

CVE-2011-4292

почти 13 лет назад

Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.

CVSS2: 4

EPSS: Низкий

CVE-2011-4282

почти 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

CVSS2: 4.3

EPSS: Низкий

CVE-2011-4295

почти 13 лет назад

The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment.

CVSS2: 6.5

EPSS: Низкий

CVE-2011-4286

почти 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.

CVSS2: 4.3

EPSS: Низкий

CVE-2011-4293

почти 13 лет назад

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.

CVSS2: 6.4

EPSS: Низкий

CVE-2011-4279

почти 13 лет назад

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

CVSS2: 5

EPSS: Низкий

CVE-2011-4309

почти 13 лет назад

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.

CVSS2: 5

EPSS: Низкий

CVE-2011-4309

почти 13 лет назад

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...

CVSS2: 5

EPSS: Низкий

CVE-2011-4308

почти 13 лет назад

mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.

CVSS2: 4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2011-4283 Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.	CVSS2: 5	0% Низкий	почти 13 лет назад
CVE-2011-4292 Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.	CVSS2: 4	1% Низкий	почти 13 лет назад
CVE-2011-4282 Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.	CVSS2: 4.3	0% Низкий	почти 13 лет назад
CVE-2011-4295 The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment.	CVSS2: 6.5	0% Низкий	почти 13 лет назад
CVE-2011-4286 Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.	CVSS2: 4.3	0% Низкий	почти 13 лет назад
CVE-2011-4293 The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.	CVSS2: 6.4	1% Низкий	почти 13 лет назад
CVE-2011-4279 Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.	CVSS2: 5	0% Низкий	почти 13 лет назад
CVE-2011-4309 Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.	CVSS2: 5	0% Низкий	почти 13 лет назад
CVE-2011-4309 Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...	CVSS2: 5	0% Низкий	почти 13 лет назад
CVE-2011-4308 mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.	CVSS2: 4	0% Низкий	почти 13 лет назад

Уязвимостей на страницу