Count: 2,643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-hhq7-jf2p-hw9c Moodle multiple cross-site request forgery (CSRF) vulnerabilities | | 0% Low | more than 3 years ago |
| GHSA-hh52-g5c4-wprh Moodle may allow authenticated users to enumerate other user's names via learning plans page | CVSS3: 4.3 | 0% Low | more than 2 years ago |
| GHSA-hgw3-h5hf-vjv2 Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface. | | 0% Low | more than 3 years ago |
| GHSA-hchv-4gm2-gf5h mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum. | | 0% Low | more than 3 years ago |
| GHSA-h9w8-4376-j344 Moodle does not properly validate module instance id | | 0% Low | more than 3 years ago |
| GHSA-h8vc-v44p-5r2q Moodle provides calendar-event data without considering whether an activity is hidden | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-h8m4-h385-qhqv Moodle Cross-site Scripting | CVSS3: 5.4 | 1% Low | more than 3 years ago |
| GHSA-h7xp-7fjp-ghhc moodle Improper Access Control | CVSS3: 4 | 0% Low | more than 3 years ago |
| GHSA-h7h6-fwpv-ggvx Moodle contains Stored XSS via ID number user profile field | CVSS3: 5.4 | 1% Low | more than 3 years ago |
| GHSA-h798-h7ff-93xv Moodle Arbitrary Redirect | | 0% Low | more than 3 years ago |
| GHSA-h77r-rp97-7rv4 Privilege Escalation in moodle | CVSS3: 7.5 | 0% Low | more than 4 years ago |
| GHSA-h75f-hjcr-cvh8 Moodle multiple cross-site request forgery (CSRF) vulnerabilities | | 0% Low | more than 3 years ago |
| GHSA-h6px-pvfh-q2jv Moodle vulnerable to Cross-Site Scripting | | 0% Low | more than 3 years ago |
| GHSA-h697-w4ph-7pcx Moodle has a stored XSS in ddimageortext question type | CVSS3: 3.4 | 0% Low | 10 months ago |
| GHSA-h58j-h7qq-f2c2 The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | | 0% Low | more than 3 years ago |
| GHSA-h46g-v2m5-f7jh mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document. | | 0% Low | more than 3 years ago |
| GHSA-h34c-px28-rjgw Moodle mishandles group-based authorization checks | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-h2rg-p9qr-pqcr course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request. | | 0% Low | more than 3 years ago |
| GHSA-gxf9-5xr3-34cc Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string. | | 0% Low | more than 3 years ago |
| GHSA-gwf6-q6c2-94p3 Moodle ReCAPTCHA can be bypassed on the login page | CVSS3: 7.5 | 0% Low | more than 1 year ago |