Количество 2 643
Количество 2 643
GHSA-m3xp-4hf3-qfpp
Moodle allows remote attackers to obtain sensitive information
GHSA-m38p-4c43-vjrc
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.
GHSA-m37g-mwcg-7j7v
Moodle Improper Encoding or Escaping of Output
GHSA-m367-445c-2xqr
Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository
GHSA-m34m-fgh4-v7cx
Moodle External blog editing takeover
GHSA-m2pf-4pf8-45j2
Moodle allows remote authenticated users to cause a denial of service (invalid database records)
GHSA-m2f7-57gp-v34q
Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.
GHSA-jq7x-gm9r-v8m7
Moodle allows attackers to obtain sensitive information
GHSA-jpf2-9ppp-2c49
Moodle has insufficient access control
GHSA-jp4g-r8c9-3534
Moodle Blind SSRF Risk in /badges/mybackpack.php
GHSA-jjhx-5jff-rc8m
Moodle Improper Privilege Management
GHSA-jj3p-6mw3-6qmm
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app").
GHSA-jj3j-mhgc-g4m4
Moodle cross-site scripting (XSS) vulnerability
GHSA-jgqm-rhq8-wrjr
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
GHSA-jgqm-9mm3-4p7g
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
GHSA-jg4f-8w9x-jv35
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
GHSA-jfrg-9hpq-9hvp
Improper Access Control in moodle
GHSA-jcrj-x36p-h9f6
Moodle Open Redirect in Calendar Set Page
GHSA-jcrj-gmr6-p5j8
Moodle Allows Modification of Constants
GHSA-j9cw-5cpj-9qj5
Moodle has a Hidden Functionality vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-m3xp-4hf3-qfpp Moodle allows remote attackers to obtain sensitive information | 0% Низкий | больше 3 лет назад | |
| GHSA-m38p-4c43-vjrc SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. | 0% Низкий | больше 3 лет назад | |
| GHSA-m37g-mwcg-7j7v Moodle Improper Encoding or Escaping of Output | CVSS3: 4.9 | 0% Низкий | около 3 лет назад |
| GHSA-m367-445c-2xqr Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository | CVSS3: 8.8 | 0% Низкий | 8 месяцев назад |
| GHSA-m34m-fgh4-v7cx Moodle External blog editing takeover | CVSS3: 6.3 | 0% Низкий | больше 3 лет назад |
| GHSA-m2pf-4pf8-45j2 Moodle allows remote authenticated users to cause a denial of service (invalid database records) | 0% Низкий | больше 3 лет назад | |
| GHSA-m2f7-57gp-v34q Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. | 0% Низкий | больше 3 лет назад | |
| GHSA-jq7x-gm9r-v8m7 Moodle allows attackers to obtain sensitive information | 0% Низкий | больше 3 лет назад | |
| GHSA-jpf2-9ppp-2c49 Moodle has insufficient access control | CVSS3: 5.3 | 0% Низкий | около 1 года назад |
| GHSA-jp4g-r8c9-3534 Moodle Blind SSRF Risk in /badges/mybackpack.php | CVSS3: 10 | 0% Низкий | больше 3 лет назад |
| GHSA-jjhx-5jff-rc8m Moodle Improper Privilege Management | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-jj3p-6mw3-6qmm A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app"). | CVSS3: 6.1 | 2% Низкий | больше 3 лет назад |
| GHSA-jj3j-mhgc-g4m4 Moodle cross-site scripting (XSS) vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-jgqm-rhq8-wrjr admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. | 0% Низкий | больше 3 лет назад | |
| GHSA-jgqm-9mm3-4p7g Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. | 0% Низкий | больше 3 лет назад | |
| GHSA-jg4f-8w9x-jv35 Moodle Authenticated LFI risk in some misconfigured shared hosting environments | CVSS3: 5.9 | 0% Низкий | больше 1 года назад |
| GHSA-jfrg-9hpq-9hvp Improper Access Control in moodle | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
| GHSA-jcrj-x36p-h9f6 Moodle Open Redirect in Calendar Set Page | 0% Низкий | больше 3 лет назад | |
| GHSA-jcrj-gmr6-p5j8 Moodle Allows Modification of Constants | 0% Низкий | больше 3 лет назад | |
| GHSA-j9cw-5cpj-9qj5 Moodle has a Hidden Functionality vulnerability | CVSS3: 5.3 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу