Count: 2 643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-pg89-qp74-vch2 mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server. | | 0% Low | more than 3 years ago |
| GHSA-p9hr-f4xj-8w8r Moodle included private user files in course backups | CVSS3: 4.3 | 1% Low | more than 3 years ago |
| GHSA-p9cx-f595-h79h Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users | CVSS3: 7.5 | 0% Low | about 1 year ago |
| GHSA-p94v-4vwh-qwpf Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. | | 0% Low | more than 3 years ago |
| GHSA-p7v9-gjrh-563x Moodle XSS Vulnerability | CVSS3: 7.3 | 0% Low | more than 3 years ago |
| GHSA-p5j7-26wj-423j Moodle allows discovery of an author's username | | 0% Low | more than 3 years ago |
| GHSA-p5cg-6rfr-6mx8 Moodle stored XSS via calendar's event title when deleting the event | CVSS3: 6.1 | 1% Low | more than 1 year ago |
| GHSA-p586-c547-p893 The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | | 0% Low | more than 3 years ago |
| GHSA-p497-37fc-xvvc Moodle allows attackers to cause a denial of service | | 1% Low | more than 3 years ago |
| GHSA-p3hj-cfhm-7g6v Moodle allows attackers to remove wiki pages | | 1% Low | more than 3 years ago |
| GHSA-p2cj-86v4-7782 Moodle HTTP authorization header is preserved between "emulated redirects" | CVSS3: 7.5 | 1% Low | more than 1 year ago |
| GHSA-p269-r9cq-frhv Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | | 0% Low | more than 3 years ago |
| GHSA-p239-x7hg-j3w6 blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. | | 0% Low | more than 3 years ago |
| GHSA-mxp2-wcjh-jf72 The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record. | | 0% Low | more than 3 years ago |
| GHSA-mx26-62xm-2p83 Moodle vulnerable to site administration SQL injection via XMLDB editor | CVSS3: 7.2 | 0% Low | about 1 year ago |
| GHSA-mw6p-49jf-9935 Moodle allows remote attackers to obtain sensitive information from myprofile block by visiting user-context page | | 0% Low | more than 3 years ago |
| GHSA-mrrv-fq8p-rp6j Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | | 1% Low | more than 3 years ago |
| GHSA-mr97-gvvg-rhgh Moodle Exposes Sensitive User Information | | 0% Low | more than 3 years ago |
| GHSA-mpjx-8phj-5m34 Moodle Allows Unauthenticated Dropbox Access | | 0% Low | more than 3 years ago |
| GHSA-mphj-h2fc-62x3 Moodle allows attackers to bypass the mod/lti:view capability requirement | | 0% Low | more than 3 years ago |