Moodle: a management system for electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,541
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-ghqg-3wq5-437q Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | | 0% Low | more than 3 years ago
GHSA-h2rg-p9qr-pqcr course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request. | | 0% Low | more than 3 years ago
GHSA-xfgq-37vh-892j Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature. | CVSS3: 6.8 | 1% Low | more than 3 years ago
GHSA-w2pj-r8m3-r4jc Moodle Information Disclosure | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-2hw6-6rgf-726v Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Low | more than 3 years ago
GHSA-v33x-q8gh-4x42 Moodle multiple cross-site request forgery (CSRF) vulnerabilities | CVSS3: 8.8 | 0% Low | more than 3 years ago
GHSA-grvw-qq2j-r898 Moodle multiple cross-site scripting (XSS) vulnerabilities | CVSS3: 5.4 | 0% Low | more than 3 years ago
GHSA-mm9q-3847-m48x Moodle allows attackers to enter additional answer attempts | CVSS3: 5.4 | 0% Low | more than 3 years ago
GHSA-r227-v24c-j96q The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | CVSS3: 4.3 | 0% Low | more than 3 years ago
GHSA-6922-5v25-p8jg Moodle multiple cross-site scripting (XSS) vulnerabilities | CVSS3: 6.1 | 0% Low | more than 3 years ago