Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 536
GHSA-37mm-gc69-pw8r
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
GHSA-5fgv-cvr8-xg48
Moodle vulnerable to Cross-site Scripting
GHSA-966m-m549-2878
Moodle is vulnerable to unauthorized new accounts creation
GHSA-cfc8-jvc8-5w3f
SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.
GHSA-r4vq-7rgp-99hx
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.
GHSA-cx8w-wqgc-mpmh
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.
GHSA-7xv5-m4rh-f939
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
GHSA-hchv-4gm2-gf5h
mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum.
GHSA-2887-hwqc-wcg8
Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records.
GHSA-276h-65c8-j9w4
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-37mm-gc69-pw8r Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). | 1% Низкий | больше 3 лет назад | |
| GHSA-5fgv-cvr8-xg48 Moodle vulnerable to Cross-site Scripting | 0% Низкий | больше 3 лет назад | |
| GHSA-966m-m549-2878 Moodle is vulnerable to unauthorized new accounts creation | 0% Низкий | больше 3 лет назад | |
| GHSA-cfc8-jvc8-5w3f SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. | 0% Низкий | больше 3 лет назад | |
| GHSA-r4vq-7rgp-99hx mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | 0% Низкий | больше 3 лет назад | |
| GHSA-cx8w-wqgc-mpmh Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. | 0% Низкий | больше 3 лет назад | |
| GHSA-7xv5-m4rh-f939 Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | 0% Низкий | больше 3 лет назад | |
| GHSA-hchv-4gm2-gf5h mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum. | 0% Низкий | больше 3 лет назад | |
| GHSA-2887-hwqc-wcg8 Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. | 1% Низкий | больше 3 лет назад | |
| GHSA-276h-65c8-j9w4 lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу