Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
GHSA-vw66-rcjg-qq7g
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
GHSA-m939-6pxj-m7xx
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
GHSA-x3rw-6g2v-2x72
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
GHSA-7556-5jcq-72q2
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.
GHSA-qw6v-v9vc-qfvq
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.
GHSA-mpjx-8phj-5m34
Moodle Allows Unauthenticated Dropbox Access
GHSA-gw89-x73p-wccw
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service.
GHSA-p94v-4vwh-qwpf
Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page.
GHSA-7prr-3mfr-r778
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.
GHSA-f6hv-6fvm-7xr9
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-vw66-rcjg-qq7g Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | 0% Низкий | больше 3 лет назад | |
| GHSA-m939-6pxj-m7xx Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 1% Низкий | больше 3 лет назад | |
| GHSA-x3rw-6g2v-2x72 Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. | 1% Низкий | больше 3 лет назад | |
| GHSA-7556-5jcq-72q2 Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. | 1% Низкий | больше 3 лет назад | |
| GHSA-qw6v-v9vc-qfvq The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | 0% Низкий | больше 3 лет назад | |
| GHSA-mpjx-8phj-5m34 Moodle Allows Unauthenticated Dropbox Access | 0% Низкий | больше 3 лет назад | |
| GHSA-gw89-x73p-wccw webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. | 0% Низкий | больше 3 лет назад | |
| GHSA-p94v-4vwh-qwpf Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. | 0% Низкий | больше 3 лет назад | |
| GHSA-7prr-3mfr-r778 The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | 1% Низкий | больше 3 лет назад | |
| GHSA-f6hv-6fvm-7xr9 The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу