Moodle: a management system for educational e-courses
Release cycle, vulnerability information
Release schedule
Count: 2,541
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-wp3g-pr4h-q6vv Moodle does not enforce capability requirements for reading blog comments | | 1% Low | more than 3 years ago
GHSA-prrh-679x-79qh Moodle allows remote authenticated users to reassign notes | | 0% Low | more than 3 years ago
GHSA-wmmc-qjq2-vvm2 Moodle is vulnerable to Sensitive Information Disclosure | | 0% Low | more than 3 years ago
GHSA-664q-mrxx-2x2v Moodle does not properly manage privileges for WebDAV repositories | | 1% Low | more than 3 years ago
GHSA-x6xq-cgc6-h2fq mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role. | | 0% Low | more than 3 years ago
GHSA-fx5h-3786-h2w6 PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests | | 1% Low | more than 3 years ago
GHSA-8r7x-qq55-74v2 Moodle does not enforce the forceloginforprofiles setting | | 0% Low | more than 3 years ago
GHSA-xr24-jp5c-6c4v Moodle reveals absolute path in exception message | | 0% Low | more than 3 years ago
GHSA-pgp5-rcwp-qvfg Moodle includes the WebDAV password in the configuration form | | 0% Low | more than 3 years ago
GHSA-p239-x7hg-j3w6 blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. | | 0% Low | more than 3 years ago