moodle: IDOR when fetching report schedules

Moodle open redirect vulnerability

Moodle vulnerable to Cross-Site Request Forgery

Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Moodle has a CSRF risk in Brickfield tool's analysis request action

Moodle multiple cross-site scripting (XSS) vulnerabilities

Moodle allows attackers to obtain sensitive category-detail information

Moodle improper access control

Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class

A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.

Insufficient user authorization in Moodle

Moodle allows remote attackers to obtain sensitive information

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

Moodle Improper Encoding or Escaping of Output

Moodle External blog editing takeover

Moodle allows remote authenticated users to cause a denial of service (invalid database records)

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

Moodle allows attackers to obtain sensitive information

Moodle has insufficient access control

Moodle Blind SSRF Risk in /badges/mybackpack.php