Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 470
CVE-2020-14321
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVE-2020-14321
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course ...
CVE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task ...
CVE-2020-1756
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
CVE-2020-1755
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
CVE-2020-14321
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVE-2020-14322
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
BDU:2022-06359
Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной очисткой пользовательских данных, позволяющая нарушителю выполнить произвольные SQL-команды
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2020-14321 In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | CVSS3: 8.8 | 64% Средний | почти 3 года назад |
| CVE-2020-14321 In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course ... | CVSS3: 8.8 | 64% Средний | почти 3 года назад |
| CVE-2020-14320 In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. | CVSS3: 6.1 | 1% Низкий | почти 3 года назад |
| CVE-2020-14320 In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task ... | CVSS3: 6.1 | 1% Низкий | почти 3 года назад |
 | CVE-2020-1756 In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool. | CVSS3: 7.2 | 1% Низкий | почти 3 года назад |
| CVE-2020-1755 In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. | CVSS3: 5.3 | 0% Низкий | почти 3 года назад |
| CVE-2020-14321 In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | CVSS3: 8.8 | 64% Средний | почти 3 года назад |
| CVE-2020-14320 In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. | CVSS3: 6.1 | 1% Низкий | почти 3 года назад |
| CVE-2020-14322 In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
 | BDU:2022-06359 Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной очисткой пользовательских данных, позволяющая нарушителю выполнить произвольные SQL-команды | CVSS3: 9.8 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу