Count: 2,470
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-c7v4-m269-4995 Exposure of Sensitive Information to an Unauthorized Actor in Moodle | CVSS3: 5.3 | 0% Low | more than 3 years ago
GHSA-c7jj-vfmr-j9mj Moodle command execution vulnerability exists in the default legacy spellchecker plugin | CVSS3: 9.1 | 69% Medium | about 3 years ago
GHSA-c78f-pfch-h9wc Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. | | 1% Low | about 3 years ago
GHSA-c767-4whh-v7rw Moodle has user information visibility control issues in gradebook reports | CVSS3: 5.3 | 0% Low | 7 months ago
GHSA-c6g7-c2cg-grhj A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role. | | 0% Low | about 3 years ago
GHSA-c5vq-jr45-v9q2 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. | CVSS3: 5.3 | 0% Low | about 3 years ago
GHSA-c5hf-mc85-2hx4 Missing authorization in Moodle | CVSS3: 4.3 | 0% Low | about 3 years ago
GHSA-c4cq-v4wp-28hg Moodle sensitive information disclosure | CVSS3: 5.4 | 0% Low | about 3 years ago
GHSA-c3vx-v4x8-x894 Moodle does not check for the moodle/course:viewhiddencourses capability | | 0% Low | about 3 years ago
GHSA-c3pr-h96w-2jjg Moodle XML import of ddwtos could lead to intentional remote code execution | CVSS3: 8.8 | 2% Low | about 3 years ago
GHSA-c3j6-33r4-89q3 Moodle Client side denial of service via personal message | CVSS3: 5.3 | 0% Low | about 3 years ago
GHSA-c2r4-f8qv-2v7v Moodle allows attackers to read SCORM contents | CVSS3: 4.3 | 0% Low | about 3 years ago
GHSA-c2gc-3pq9-wq9x The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request. | | 1% Low | about 3 years ago
GHSA-9xp2-5fr9-7mwm Moodle vulnerable to SQL injection | | 0% Low | about 3 years ago
GHSA-9x63-m3cc-qf3g Moodle Unauthorized searching of arbitrary blogs by typing full url | CVSS3: 5.3 | 0% Low | about 3 years ago
GHSA-9v64-447r-wch6 Moodle Temporary Passwords are Brute Force-able | | 1% Low | about 3 years ago
GHSA-9v3m-3w47-83fq blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. | | 0% Low | about 3 years ago
GHSA-9r7q-rgxm-f2hm A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions. | | 0% Low | about 3 years ago
GHSA-9r38-f9p6-3f7p rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. | | 0% Low | about 3 years ago
GHSA-9r26-5w88-qhp9 Authorization Bypass in moodle | CVSS3: 5.3 | 0% Low | more than 1 year ago