Count: 2,469
Vulnerability | CVSS | EPSS | Published | |
---|---|---|---|---|
GHSA-r227-v24c-j96q The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | CVSS3: 4.3 | 0% Low | about 3 years ago | |
GHSA-qw6v-v9vc-qfvq The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | | 0% Low | about 3 years ago | |
GHSA-qv3v-qfq2-p7vh lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. | | 0% Low | about 3 years ago | |
GHSA-qrqv-26gf-xgwh Moodle LFI vulnerability when restoring malformed block backups | CVSS3: 7.5 | 0% Low | 7 months ago | |
GHSA-qrcj-6fjw-3h9h Moodle XSS Vulnerability | CVSS3: 4.8 | 1% Low | about 3 years ago | |
GHSA-qqvp-r28f-c3cv lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | | 0% Low | about 3 years ago | |
GHSA-qqjv-mc2v-p7mc Moodle SSRF Vulnerability | CVSS3: 6.5 | 17% Medium | about 3 years ago | |
GHSA-qq3m-44fg-p6q8 Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role. | | 0% Low | about 3 years ago | |
GHSA-qm6h-hvwq-4xp6 Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. | | 0% Low | about 3 years ago | |
GHSA-qh8m-6g4p-33h3 Moodle Improper Authentication | CVSS3: 8.1 | 2% Low | about 3 years ago | |
GHSA-qc86-vgf2-6fq6 Moodle SQL Injection vulnerability | CVSS3: 9.8 | 0% Low | more than 2 years ago | |
GHSA-qc37-hv35-h42x The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | | 1% Low | about 3 years ago | |
GHSA-q99x-mjmh-v8w7 Moodle's user/power level management inconsistent with suspended users | CVSS3: 5.3 | 0% Low | 7 months ago | |
GHSA-q6vw-27c6-jv9c Moodle Persistent Cross-site Scripting (XSS) | CVSS3: 5.4 | 0% Low | about 3 years ago | |
GHSA-q5m8-g27f-797h In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | CVSS3: 4.3 | 0% Low | almost 3 years ago | |
GHSA-q53j-c866-h9mw Moodle doesn't properly check role | | 0% Low | about 3 years ago | |
GHSA-q3cm-ccrm-2mr6 Moodle Authenticated LFI risk in some misconfigured shared hosting environments | CVSS3: 6.5 | 0% Low | about 1 year ago | |
GHSA-q34m-x5mm-6rwc Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. | | 2% Low | about 3 years ago | |
GHSA-q2x3-2f9g-h559 Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input | CVSS3: 9.8 | 1% Low | about 2 years ago | |
GHSA-prrh-679x-79qh Moodle allows remote authenticated users to reassign notes | | 0% Low | about 3 years ago | |