Moodle: a management system for electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,499
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-5488-2xmq-hwfh Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files. | | 0% Low | more than 3 years ago
GHSA-hxvf-5p7c-7g55 lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. | | 0% Low | more than 3 years ago
GHSA-vg4g-6rhx-p7rr Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | CVSS3: 8.8 | 3% Low | more than 3 years ago
GHSA-7ghm-fp7p-qvjq Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Low | more than 3 years ago
GHSA-58fm-v4pr-jh8p Moodle Unrestricted file upload vulnerability | CVSS3: 8.8 | 3% Low | more than 3 years ago
GHSA-683c-cq88-f22q ** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields." | CVSS3: 7.5 | 0% Low | more than 3 years ago
GHSA-g58x-p3pj-rg52 Moodle Glossary search displays entries without checking user permissions to view them | CVSS3: 5.3 | 0% Low | more than 3 years ago
GHSA-6r76-f8c8-fh7p Moodle Cross-site Scripting in assignment submission page | CVSS3: 6.1 | 0% Low | more than 3 years ago
GHSA-3hmr-948v-5qgq Moodle Cross-Site Request Forgery (CSRF) | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-93gj-rg98-h7mm Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Low | more than 3 years ago