Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 474

CVE-2006-4786

почти 19 лет назад

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.

CVSS2: 5

EPSS: Низкий

CVE-2006-4785

почти 19 лет назад

SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earli ...

CVSS2: 7.5

EPSS: Низкий

CVE-2006-4784

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 an ...

CVSS2: 4.3

EPSS: Низкий

CVE-2006-4786

почти 19 лет назад

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive i ...

CVSS2: 5

EPSS: Низкий

CVE-2006-4785

почти 19 лет назад

SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.

CVSS2: 7.5

EPSS: Низкий

CVE-2006-4786

почти 19 лет назад

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.

CVSS2: 5

EPSS: Низкий

CVE-2006-4784

почти 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.

CVSS2: 4.3

EPSS: Низкий

CVE-2006-0146

больше 19 лет назад

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

CVSS2: 7.5

EPSS: Низкий

CVE-2006-0147

больше 19 лет назад

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

CVSS2: 7.5

EPSS: Средний

CVE-2006-0146

больше 19 лет назад

The server.php test script in ADOdb for PHP before 4.70, as used in mu ...

CVSS2: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2006-4786 Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.	CVSS2: 5	0% Низкий	почти 19 лет назад
CVE-2006-4785 SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earli ...	CVSS2: 7.5	2% Низкий	почти 19 лет назад
CVE-2006-4784 Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 an ...	CVSS2: 4.3	0% Низкий	почти 19 лет назад
CVE-2006-4786 Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive i ...	CVSS2: 5	0% Низкий	почти 19 лет назад
CVE-2006-4785 SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.	CVSS2: 7.5	2% Низкий	почти 19 лет назад
CVE-2006-4786 Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.	CVSS2: 5	0% Низкий	почти 19 лет назад
CVE-2006-4784 Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.	CVSS2: 4.3	0% Низкий	почти 19 лет назад
CVE-2006-0146 The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.	CVSS2: 7.5	8% Низкий	больше 19 лет назад
CVE-2006-0147 Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.	CVSS2: 7.5	21% Средний	больше 19 лет назад
CVE-2006-0146 The server.php test script in ADOdb for PHP before 4.70, as used in mu ...	CVSS2: 7.5	8% Низкий	больше 19 лет назад

Уязвимостей на страницу