Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 469
CVE-2006-4940
login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.
CVE-2006-4941
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
CVE-2006-4938
help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.
CVE-2006-4942
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
CVE-2006-4943
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id ...
CVE-2006-4943
course/jumpto.php in Moodle before 1.6.2 does not validate the session ...
CVE-2006-4940
login/forgot_password.php in Moodle before 1.6.2 allows remote attacke ...
CVE-2006-4941
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1 ...
CVE-2006-4935
The Database module in Moodle before 1.6.2 does not properly handle up ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2006-4940 login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4941 Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | CVSS2: 4.3 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4938 help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | CVSS2: 4 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4942 Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. | CVSS2: 4.6 | 1% Низкий | больше 18 лет назад |
| CVE-2006-4943 course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4936 Moodle before 1.6.2 does not properly validate the module instance id ... | CVSS2: 10 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4943 course/jumpto.php in Moodle before 1.6.2 does not validate the session ... | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4940 login/forgot_password.php in Moodle before 1.6.2 allows remote attacke ... | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4941 Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1 ... | CVSS2: 4.3 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4935 The Database module in Moodle before 1.6.2 does not properly handle up ... | CVSS2: 10 | 0% Низкий | больше 18 лет назад |
Уязвимостей на страницу