Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 475
CVE-2006-4940
login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.
CVE-2006-4941
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
CVE-2006-4937
lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages.
CVE-2006-4939
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname.
CVE-2006-4942
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
CVE-2006-4943
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2006-4938
help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.
CVE-2006-4935
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
CVE-2006-4784
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2006-4940 login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. | CVSS2: 5 | 0% Низкий | почти 19 лет назад |
| CVE-2006-4941 Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | CVSS2: 4.3 | 0% Низкий | почти 19 лет назад |
| CVE-2006-4937 lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages. | CVSS2: 4 | 0% Низкий | почти 19 лет назад |
| CVE-2006-4939 backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname. | CVSS2: 5 | 0% Низкий | почти 19 лет назад |
| CVE-2006-4942 Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. | CVSS2: 4.6 | 1% Низкий | почти 19 лет назад |
| CVE-2006-4936 Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors. | CVSS2: 10 | 0% Низкий | почти 19 лет назад |
| CVE-2006-4943 course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | CVSS2: 5 | 0% Низкий | почти 19 лет назад |
| CVE-2006-4938 help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | CVSS2: 4 | 0% Низкий | почти 19 лет назад |
| CVE-2006-4935 The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors. | CVSS2: 10 | 0% Низкий | почти 19 лет назад |
 | CVE-2006-4784 Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php. | CVSS2: 4.3 | 0% Низкий | почти 19 лет назад |
Уязвимостей на страницу