Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 469
CVE-2006-4937
lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...
CVE-2006-4942
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) t ...
CVE-2006-4938
help.php in Moodle before 1.6.2 does not check the existence of certai ...
CVE-2006-4939
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace dat ...
CVE-2006-4937
lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages.
CVE-2006-4941
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
CVE-2006-4938
help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.
CVE-2006-4943
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2006-4940
login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.
CVE-2006-4935
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2006-4937 lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ... | CVSS2: 4 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4942 Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) t ... | CVSS2: 4.6 | 1% Низкий | больше 18 лет назад |
| CVE-2006-4938 help.php in Moodle before 1.6.2 does not check the existence of certai ... | CVSS2: 4 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4939 backup/backup_scheduled.php in Moodle before 1.6.2 generates trace dat ... | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
 | CVE-2006-4937 lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages. | CVSS2: 4 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4941 Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | CVSS2: 4.3 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4938 help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | CVSS2: 4 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4943 course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4940 login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. | CVSS2: 5 | 0% Низкий | больше 18 лет назад |
| CVE-2006-4935 The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors. | CVSS2: 10 | 0% Низкий | больше 18 лет назад |
Уязвимостей на страницу