Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 647

CVE-2023-1402

почти 3 года назад

The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.

CVSS3: 4.3

EPSS: Низкий

CVE-2023-28333

почти 3 года назад

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).

CVSS3: 9.8

EPSS: Низкий

CVE-2023-28329

почти 3 года назад

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

CVSS3: 8.8

EPSS: Низкий

CVE-2023-28330

почти 3 года назад

Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.

CVSS3: 6.5

EPSS: Низкий

GHSA-2wmj-8mqg-r9q8

почти 3 года назад

Moodle has Incorrect Default Permissions

CVSS3: 5.3

EPSS: Низкий

GHSA-79jp-m64f-pgrc

почти 3 года назад

Moodle Cross-site Scripting vulnerability

CVSS3: 5.4

EPSS: Низкий

GHSA-786g-xv8v-9h93

почти 3 года назад

Moodle Cross-site Scripting vulnerability

CVSS3: 5.4

EPSS: Низкий

GHSA-g6h6-4fp6-w33w

почти 3 года назад

Moodle vulnerable to Stored Cross-site Scripting

CVSS3: 4.8

EPSS: Низкий

GHSA-j9cw-5cpj-9qj5

почти 3 года назад

Moodle has a Hidden Functionality vulnerability

CVSS3: 5.3

EPSS: Низкий

GHSA-gv8f-43pg-c5qw

почти 3 года назад

Moodle Improper Input Validation vulnerability

CVSS3: 5.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-1402 The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.	CVSS3: 4.3	0% Низкий	почти 3 года назад
CVE-2023-28333 The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).	CVSS3: 9.8	1% Низкий	почти 3 года назад
CVE-2023-28329 Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).	CVSS3: 8.8	0% Низкий	почти 3 года назад
CVE-2023-28330 Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.	CVSS3: 6.5	1% Низкий	почти 3 года назад
GHSA-2wmj-8mqg-r9q8 Moodle has Incorrect Default Permissions	CVSS3: 5.3	1% Низкий	почти 3 года назад
GHSA-79jp-m64f-pgrc Moodle Cross-site Scripting vulnerability	CVSS3: 5.4	1% Низкий	почти 3 года назад
GHSA-786g-xv8v-9h93 Moodle Cross-site Scripting vulnerability	CVSS3: 5.4	1% Низкий	почти 3 года назад
GHSA-g6h6-4fp6-w33w Moodle vulnerable to Stored Cross-site Scripting	CVSS3: 4.8	0% Низкий	почти 3 года назад
GHSA-j9cw-5cpj-9qj5 Moodle has a Hidden Functionality vulnerability	CVSS3: 5.3	0% Низкий	почти 3 года назад
GHSA-gv8f-43pg-c5qw Moodle Improper Input Validation vulnerability	CVSS3: 5.3	0% Низкий	почти 3 года назад

Уязвимостей на страницу