Moodle: a management system for online educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,536
ID | Vulnerability | CVSS | EPSS | Published
---|---|---|---|---
GHSA-58fm-v4pr-jh8p | Moodle Unrestricted file upload vulnerability | CVSS3: 8.8 | 3% Low | more than 3 years ago
GHSA-vg4g-6rhx-p7rr | Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | CVSS3: 8.8 | 3% Low | more than 3 years ago
GHSA-683c-cq88-f22q | ** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields." | CVSS3: 7.5 | 0% Low | more than 3 years ago
GHSA-g58x-p3pj-rg52 | Moodle Glossary search displays entries without checking user permissions to view them | CVSS3: 5.3 | 0% Low | more than 3 years ago
GHSA-6r76-f8c8-fh7p | Moodle Cross-site Scripting in assignment submission page | CVSS3: 6.1 | 0% Low | more than 3 years ago
GHSA-3hmr-948v-5qgq | Moodle Cross-Site Request Forgery (CSRF) | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-9cg4-4f87-jhm3 | Moodle XSS in attachments to evidence of prior learning | CVSS3: 6.1 | 0% Low | more than 3 years ago
GHSA-98mf-mqw9-9q8q | Moodle Global search displays user names for unauthenticated users | CVSS3: 5.3 | 1% Low | more than 3 years ago
GHSA-93gj-rg98-h7mm | Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Low | more than 3 years ago
GHSA-54r2-r67g-fr9m | Moodle User fullname disclosure on user preferences page | CVSS3: 6.5 | 0% Low | more than 3 years ago