Moodle: a learning management system for online courses
Release cycle, vulnerability information
Release schedule
Count: 2,541
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-h58j-h7qq-f2c2 The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | | 0% Low | more than 3 years ago
GHSA-9fh3-hj27-mwr8 The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | | 0% Low | more than 3 years ago
GHSA-72gv-qqrp-h9qg Moodle Users Can Bypass Deleted Status | | 0% Low | more than 3 years ago
GHSA-4w8m-96v9-2c86 Moodle CRLF Injection Vulnerability in Calendar Component | | 0% Low | more than 3 years ago
GHSA-3gm8-32vv-q8mp Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter | | 0% Low | more than 3 years ago
GHSA-m939-6pxj-m7xx Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | | 1% Low | more than 3 years ago
GHSA-vw66-rcjg-qq7g Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | | 0% Low | more than 3 years ago
GHSA-x3rw-6g2v-2x72 Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. | | 1% Low | more than 3 years ago
GHSA-qw6v-v9vc-qfvq The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | | 0% Low | more than 3 years ago
GHSA-7556-5jcq-72q2 Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. | | 1% Low | more than 3 years ago