Count: 2,643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-r867-v437-4rrm Moodle Cross-site request forgery (CSRF) vulnerability | CVSS3: 8.8 | 0% Low | more than 3 years ago |
| GHSA-r82w-3phg-qvr4 Moodle uses the same key for QR login and auto-login | CVSS3: 6.5 | 0% Low | more than 1 year ago |
| GHSA-r7cj-2ghq-wj88 jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. | | 8% Low | more than 3 years ago |
| GHSA-r729-mx2r-j26j Moodle XSS Vulnerability | | 0% Low | more than 3 years ago |
| GHSA-r6j4-gmpg-6x9f The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors. | | 0% Low | more than 3 years ago |
| GHSA-r4xr-m393-778m Moodle IDOR when accessing list of course badges | CVSS3: 4.3 | 0% Low | about 1 year ago |
| GHSA-r4vq-7rgp-99hx mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | | 0% Low | more than 3 years ago |
| GHSA-r3fc-hx6q-g6cq Moodle allows attackers to discover student e-mail addresses | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-r2wx-46gp-rp3h Moodle Improper Input Validation | | 1% Low | more than 1 year ago |
| GHSA-r227-v24c-j96q The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-qw6v-v9vc-qfvq The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | | 0% Low | more than 3 years ago |
| GHSA-qv3v-qfq2-p7vh lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. | | 0% Low | more than 3 years ago |
| GHSA-qrqv-26gf-xgwh Moodle LFI vulnerability when restoring malformed block backups | CVSS3: 7.5 | 0% Low | about 1 year ago |
| GHSA-qrcj-6fjw-3h9h Moodle XSS Vulnerability | CVSS3: 4.8 | 1% Low | more than 3 years ago |
| GHSA-qqvp-r28f-c3cv lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | | 0% Low | more than 3 years ago |
| GHSA-qqjv-mc2v-p7mc Moodle SSRF Vulnerability | CVSS3: 6.5 | 19% Medium | more than 3 years ago |
| GHSA-qq3m-44fg-p6q8 Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role. | | 0% Low | more than 3 years ago |
| GHSA-qm6h-hvwq-4xp6 Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. | | 0% Low | more than 3 years ago |
| GHSA-qhc7-xhc2-7p7w Moodle self enrollment available before completing second factor with MFA enabled | CVSS3: 4.3 | 0% Low | 8 months ago |
| GHSA-qh8m-6g4p-33h3 Moodle Improper Authentication | CVSS3: 8.1 | 2% Low | more than 3 years ago |