Count: 2,469
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-m7cc-6vhg-39wr Moodle improper access control | CVSS3: 4.3 | 0% Low | about 3 years ago |
GHSA-m63h-q4x3-6hwj Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class |  | 1% Low | about 3 years ago |
GHSA-m55g-vpgh-vw7c A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode. | CVSS3: 4.3 | 0% Low | about 3 years ago |
GHSA-m434-m5pv-p35w Insufficient user authorization in Moodle | CVSS3: 3.8 | 0% Low | more than 3 years ago |
GHSA-m3xp-4hf3-qfpp Moodle allows remote attackers to obtain sensitive information |  | 0% Low | about 3 years ago |
GHSA-m38p-4c43-vjrc SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. |  | 0% Low | about 3 years ago |
GHSA-m37g-mwcg-7j7v Moodle Improper Encoding or Escaping of Output | CVSS3: 4.9 | 0% Low | more than 2 years ago |
GHSA-m34m-fgh4-v7cx Moodle External blog editing takeover | CVSS3: 6.3 | 0% Low | about 3 years ago |
GHSA-m2pf-4pf8-45j2 Moodle allows remote authenticated users to cause a denial of service (invalid database records) |  | 0% Low | about 3 years ago |
GHSA-m2f7-57gp-v34q Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. |  | 0% Low | about 3 years ago |
GHSA-jq7x-gm9r-v8m7 Moodle allows attackers to obtain sensitive information |  | 0% Low | about 3 years ago |
GHSA-jpf2-9ppp-2c49 Moodle has insufficient access control | CVSS3: 5.3 | 0% Low | 7 months ago |
GHSA-jp4g-r8c9-3534 Moodle Blind SSRF Risk in /badges/mybackpack.php | CVSS3: 10 | 0% Low | about 3 years ago |
GHSA-jjhx-5jff-rc8m Moodle Improper Privilege Management | CVSS3: 6.5 | 0% Low | about 3 years ago |
GHSA-jj3p-6mw3-6qmm A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app"). | CVSS3: 6.1 | 1% Low | about 3 years ago |
GHSA-jj3j-mhgc-g4m4 Moodle cross-site scripting (XSS) vulnerability |  | 0% Low | about 3 years ago |
GHSA-jgqm-rhq8-wrjr admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. |  | 0% Low | about 3 years ago |
GHSA-jgqm-9mm3-4p7g Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. |  | 0% Low | about 3 years ago |
GHSA-jg4f-8w9x-jv35 Moodle Authenticated LFI risk in some misconfigured shared hosting environments | CVSS3: 5.9 | 0% Low | about 1 year ago |
GHSA-jfrg-9hpq-9hvp Improper Access Control in moodle | CVSS3: 5.3 | 0% Low | more than 1 year ago |