Moodle: a system for managing electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,647
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-8vqr-8829-g4x5 lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | | 0% Low | more than 3 years ago |
| GHSA-jgqm-rhq8-wrjr admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. | | 0% Low | more than 3 years ago |
| GHSA-9qm6-cmrx-3j39 Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. | | 0% Low | more than 3 years ago |
| GHSA-h58j-h7qq-f2c2 The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | | 0% Low | more than 3 years ago |
| GHSA-74j7-5pxr-x457 Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | | 1% Low | more than 3 years ago |
| GHSA-4794-5xw8-8vrg The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | | 0% Low | more than 3 years ago |
| GHSA-4w8m-96v9-2c86 Moodle CRLF Injection Vulnerability in Calendar Component | | 0% Low | more than 3 years ago |
| GHSA-3gm8-32vv-q8mp Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter | | 0% Low | more than 3 years ago |
| GHSA-72gv-qqrp-h9qg Moodle Users Can Bypass Deleted Status | | 0% Low | more than 3 years ago |
| GHSA-9fh3-hj27-mwr8 The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | | 0% Low | more than 3 years ago |