Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2006-4943
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2006-4938
help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
CVE-2006-4939
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace dat ...
CVE-2006-4938
help.php in Moodle before 1.6.2 does not check the existence of certai ...
CVE-2006-4940
login/forgot_password.php in Moodle before 1.6.2 allows remote attacke ...
CVE-2006-4935
The Database module in Moodle before 1.6.2 does not properly handle up ...
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id ...
CVE-2006-4941
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1 ...
CVE-2006-4942
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) t ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2006-4943 course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | CVSS2: 5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4938 help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | CVSS2: 4 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4936 Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors. | CVSS2: 10 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4939 backup/backup_scheduled.php in Moodle before 1.6.2 generates trace dat ... | CVSS2: 5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4938 help.php in Moodle before 1.6.2 does not check the existence of certai ... | CVSS2: 4 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4940 login/forgot_password.php in Moodle before 1.6.2 allows remote attacke ... | CVSS2: 5 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4935 The Database module in Moodle before 1.6.2 does not properly handle up ... | CVSS2: 10 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4936 Moodle before 1.6.2 does not properly validate the module instance id ... | CVSS2: 10 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4941 Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1 ... | CVSS2: 4.3 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4942 Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) t ... | CVSS2: 4.6 | 1% Низкий | больше 19 лет назад |
Уязвимостей на страницу