Count: 2 643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-qc86-vgf2-6fq6 Moodle SQL Injection vulnerability | CVSS3: 9.8 | 1% Low | almost 3 years ago |
| GHSA-qc37-hv35-h42x The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | | 1% Low | more than 3 years ago |
| GHSA-q99x-mjmh-v8w7 Moodle's user/power level management inconsistent with suspended users | CVSS3: 5.3 | 0% Low | about 1 year ago |
| GHSA-q6vw-27c6-jv9c Moodle Persistent Cross-site Scripting (XSS) | CVSS3: 5.4 | 0% Low | more than 3 years ago |
| GHSA-q5m8-g27f-797h In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-q53j-c866-h9mw Moodle doesn't properly check role | | 0% Low | more than 3 years ago |
| GHSA-q3cm-ccrm-2mr6 Moodle Authenticated LFI risk in some misconfigured shared hosting environments | CVSS3: 6.5 | 0% Low | more than 1 year ago |
| GHSA-q34m-x5mm-6rwc Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. | | 2% Low | more than 3 years ago |
| GHSA-q2x3-2f9g-h559 Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input | CVSS3: 9.8 | 1% Low | more than 2 years ago |
| GHSA-pxg4-xjp7-w9c5 Moodle's feedback response viewing and deletions did not respect Separate Groups mode | CVSS3: 6.5 | 0% Low | 10 months ago |
| GHSA-prrh-679x-79qh Moodle allows remote authenticated users to reassign notes | | 0% Low | more than 3 years ago |
| GHSA-prjm-2fj2-787f Moodle may allow teachers to access the names of users they could not otherwise access | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| GHSA-ppvj-8723-v728 Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | | 5% Low | more than 3 years ago |
| GHSA-pj96-xh2w-fgqx Moodle has an IDOR in messaging web service which allows access to some user details | CVSS3: 4.3 | 0% Low | 8 months ago |
| GHSA-pj45-hp8h-289r Moodle Secure layout contained an insecure link in Boost theme | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-phqj-xp48-7p7c Moodle does not use the forceloginforprofiles setting for course-profiles access control | | 0% Low | more than 3 years ago |
| GHSA-ph4r-v28v-v352 backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname. | | 0% Low | more than 3 years ago |
| GHSA-pgp5-rcwp-qvfg Moodle includes the WebDAV password in the configuration form | | 0% Low | more than 3 years ago |
| GHSA-pgm5-cr62-prxq Moodle Arbitrary file read when importing lesson questions | CVSS3: 7.5 | 2% Low | more than 3 years ago |
| GHSA-pgcp-m69h-p2gr Cross-site Scripting (XSS) in moodle | CVSS3: 6.1 | 0% Low | more than 4 years ago |