Students in "Only see own membership" groups could see other students ...

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

A remote code execution risk was identified in the IMSCP activity. By ...

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

A remote code execution risk was identified in the Lesson activity. By ...

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.

The vulnerability was found Moodle which exists due to insufficient sa ...

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.

The vulnerability was found Moodle which exists because the applicatio ...

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.

A blind Server-Side Request Forgery (SSRF) vulnerability was found in ...

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

The H5P activity attempts report did not filter by groups, which in se ...

A limited SQL injection risk was identified in the "browse list of users" site administration page.