Количество 2 643
Количество 2 643
GHSA-22gj-8qj2-fj46
Moodle External Control of File Name or Path vulnerability
CVE-2023-5551
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
CVE-2023-5551
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
CVE-2023-5551
Separate Groups mode restrictions were not honoured in the forum summa ...
CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow a ...
CVE-2023-5549
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVE-2023-5549
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVE-2023-5549
Insufficient web service capability checks made it possible to move ca ...
CVE-2023-5548
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
CVE-2023-5548
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
CVE-2023-5548
Stronger revision number limitations were required on file serving end ...
CVE-2023-5545
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5545
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5545
H5P metadata automatically populated the author with the user's userna ...
CVE-2023-5543
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
CVE-2023-5543
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
CVE-2023-5543
When duplicating a BigBlueButton activity, the original meeting ID was ...
CVE-2023-5542
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-22gj-8qj2-fj46 Moodle External Control of File Name or Path vulnerability | CVSS3: 5.3 | 18% Средний | больше 2 лет назад |
 | CVE-2023-5551 Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
 | CVE-2023-5551 Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5551 Separate Groups mode restrictions were not honoured in the forum summa ... | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5550 In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | CVSS3: 6.5 | 1% Низкий | около 2 лет назад |
| CVE-2023-5550 In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | CVSS3: 6.5 | 1% Низкий | около 2 лет назад |
| CVE-2023-5550 In a shared hosting environment that has been misconfigured to allow a ... | CVSS3: 6.5 | 1% Низкий | около 2 лет назад |
| CVE-2023-5549 Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5549 Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5549 Insufficient web service capability checks made it possible to move ca ... | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5548 Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5548 Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5548 Stronger revision number limitations were required on file serving end ... | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5545 H5P metadata automatically populated the author with the user's username, which could be sensitive information. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5545 H5P metadata automatically populated the author with the user's username, which could be sensitive information. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5545 H5P metadata automatically populated the author with the user's userna ... | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5543 When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5543 When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5543 When duplicating a BigBlueButton activity, the original meeting ID was ... | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-5542 Students in "Only see own membership" groups could see other students in the group, which should be hidden. | CVSS3: 3.3 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу