Moodle — система управления образовательными электронными курсами

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.

Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.

An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.

An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.

Уязвимость виртуальной обучающей среды Moodle, связанная с неправильной авторизацией, позволяющая нарушителю обойти существующие ограничения безопасности

Уязвимость виртуальной обучающей среды Moodle, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter

A session fixation vulnerability in Moodle 3.x through 3.11.18 allows ...