Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
GHSA-wp3g-pr4h-q6vv
Moodle does not enforce capability requirements for reading blog comments
GHSA-89f3-74m6-g27g
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
GHSA-w66h-c2vj-cm7f
Moodle Authentication Bypass in File Upload
GHSA-cc94-hwj3-rf65
Moodle's login_as feature leaks information from external repositories
GHSA-x3x8-fjw6-hccx
Moodle does not consider "don't send" attributes during hub registration
GHSA-gr8w-hm62-xw58
Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.
GHSA-664q-mrxx-2x2v
Moodle does not properly manage privileges for WebDAV repositories
GHSA-x6xq-cgc6-h2fq
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.
GHSA-wmmc-qjq2-vvm2
Moodle is vulnerable to Sensitive Information Disclosure
GHSA-prrh-679x-79qh
Moodle allows remote authenticated users to reassign notes
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-wp3g-pr4h-q6vv Moodle does not enforce capability requirements for reading blog comments | 1% Низкий | больше 3 лет назад | |
| GHSA-89f3-74m6-g27g Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module | 0% Низкий | больше 3 лет назад | |
| GHSA-w66h-c2vj-cm7f Moodle Authentication Bypass in File Upload | 0% Низкий | больше 3 лет назад | |
| GHSA-cc94-hwj3-rf65 Moodle's login_as feature leaks information from external repositories | 0% Низкий | больше 3 лет назад | |
| GHSA-x3x8-fjw6-hccx Moodle does not consider "don't send" attributes during hub registration | 0% Низкий | больше 3 лет назад | |
| GHSA-gr8w-hm62-xw58 Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365. | 0% Низкий | больше 3 лет назад | |
| GHSA-664q-mrxx-2x2v Moodle does not properly manage privileges for WebDAV repositories | 1% Низкий | больше 3 лет назад | |
| GHSA-x6xq-cgc6-h2fq mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role. | 0% Низкий | больше 3 лет назад | |
| GHSA-wmmc-qjq2-vvm2 Moodle is vulnerable to Sensitive Information Disclosure | 0% Низкий | больше 3 лет назад | |
| GHSA-prrh-679x-79qh Moodle allows remote authenticated users to reassign notes | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу