Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2023-5551
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
CVE-2023-5539
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVE-2023-5545
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVE-2023-5547
The course upload preview contained an XSS risk for users uploading unsafe data.
CVE-2023-5541
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
CVE-2023-5549
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVE-2023-5544
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
BDU:2023-07959
Уязвимость виртуальной обучающей среды Moodle, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код
BDU:2024-05803
Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-5551 Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | CVSS3: 3.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-5539 A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | CVSS3: 4.7 | 2% Низкий | больше 2 лет назад |
| CVE-2023-5545 H5P metadata automatically populated the author with the user's username, which could be sensitive information. | CVSS3: 3.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-5550 In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | CVSS3: 6.5 | 1% Низкий | больше 2 лет назад |
| CVE-2023-5547 The course upload preview contained an XSS risk for users uploading unsafe data. | CVSS3: 3.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-5541 The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | CVSS3: 3.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-5549 Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | CVSS3: 3.3 | 0% Низкий | больше 2 лет назад |
| CVE-2023-5544 Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
 | BDU:2023-07959 Уязвимость виртуальной обучающей среды Moodle, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 2% Низкий | больше 2 лет назад |
| BDU:2024-05803 Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS) | CVSS3: 6.1 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу