Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 470

CVE-2009-4297

больше 15 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1 ...

CVSS2: 6.8

EPSS: Низкий

CVE-2009-4305

больше 15 лет назад

SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."

CVSS2: 6.5

EPSS: Низкий

CVE-2009-4300

больше 15 лет назад

Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.

CVSS2: 5

EPSS: Низкий

CVE-2009-4298

больше 15 лет назад

The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.

CVSS2: 5

EPSS: Низкий

CVE-2009-4304

больше 15 лет назад

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.

CVSS2: 7.5

EPSS: Низкий

CVE-2009-4302

больше 15 лет назад

login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.

CVSS2: 5

EPSS: Низкий

CVE-2009-4299

больше 15 лет назад

mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.

CVSS2: 5

EPSS: Низкий

CVE-2009-4301

больше 15 лет назад

mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.

CVSS2: 6

EPSS: Низкий

CVE-2009-4297

больше 15 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS2: 6.8

EPSS: Низкий

CVE-2009-4303

больше 15 лет назад

Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2009-4297 Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1 ...	CVSS2: 6.8	0% Низкий	больше 15 лет назад
CVE-2009-4305 SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."	CVSS2: 6.5	1% Низкий	больше 15 лет назад
CVE-2009-4300 Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.	CVSS2: 5	1% Низкий	больше 15 лет назад
CVE-2009-4298 The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.	CVSS2: 5	1% Низкий	больше 15 лет назад
CVE-2009-4304 Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks.	CVSS2: 7.5	1% Низкий	больше 15 лет назад
CVE-2009-4302 login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.	CVSS2: 5	1% Низкий	больше 15 лет назад
CVE-2009-4299 mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.	CVSS2: 5	1% Низкий	больше 15 лет назад
CVE-2009-4301 mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.	CVSS2: 6	1% Низкий	больше 15 лет назад
CVE-2009-4297 Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.	CVSS2: 6.8	0% Низкий	больше 15 лет назад
CVE-2009-4303 Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.	CVSS2: 5	1% Низкий	больше 15 лет назад

Уязвимостей на страницу