Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 541

CVE-2011-4292

больше 13 лет назад

Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.

CVSS2: 4

EPSS: Низкий

CVE-2011-4294

больше 13 лет назад

The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.

CVSS2: 5.8

EPSS: Низкий

CVE-2011-4282

больше 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

CVSS2: 4.3

EPSS: Низкий

CVE-2011-4291

больше 13 лет назад

Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.

CVSS2: 4

EPSS: Низкий

CVE-2011-4287

больше 13 лет назад

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

CVSS2: 6.8

EPSS: Низкий

CVE-2011-4297

больше 13 лет назад

comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.

CVSS2: 6.4

EPSS: Низкий

CVE-2011-4288

больше 13 лет назад

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

CVSS2: 4

EPSS: Низкий

CVE-2011-4309

больше 13 лет назад

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.

CVSS2: 5

EPSS: Низкий

CVE-2011-4309

больше 13 лет назад

Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...

CVSS2: 5

EPSS: Низкий

CVE-2011-4308

больше 13 лет назад

mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.

CVSS2: 4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2011-4292 Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.	CVSS2: 4	1% Низкий	больше 13 лет назад
CVE-2011-4294 The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.	CVSS2: 5.8	0% Низкий	больше 13 лет назад
CVE-2011-4282 Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.	CVSS2: 4.3	0% Низкий	больше 13 лет назад
CVE-2011-4291 Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.	CVSS2: 4	0% Низкий	больше 13 лет назад
CVE-2011-4287 admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.	CVSS2: 6.8	0% Низкий	больше 13 лет назад
CVE-2011-4297 comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.	CVSS2: 6.4	1% Низкий	больше 13 лет назад
CVE-2011-4288 Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.	CVSS2: 4	0% Низкий	больше 13 лет назад
CVE-2011-4309 Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.	CVSS2: 5	0% Низкий	больше 13 лет назад
CVE-2011-4309 Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...	CVSS2: 5	0% Низкий	больше 13 лет назад
CVE-2011-4308 mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.	CVSS2: 4	0% Низкий	больше 13 лет назад

Уязвимостей на страницу