Количество 2 643
Количество 2 643
GHSA-c9jp-244j-vh78
Moodle cross-site scripting (XSS) vulnerability
GHSA-c9hq-g4q8-w893
Privilage Escalation in moodle
GHSA-c8v6-vxhf-wcrr
Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository
GHSA-c8pm-7v2j-xmww
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
GHSA-c87j-9rrq-h3j8
Moodle allows attackers to trigger the generation of arbitrary messages
GHSA-c7v4-m269-4995
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
GHSA-c7jj-vfmr-j9mj
Moodle command execution vulnerability exists in the default legacy spellchecker plugin
GHSA-c78f-pfch-h9wc
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
GHSA-c767-4whh-v7rw
Moodle has user information visibility control issues in gradebook reports
GHSA-c6g7-c2cg-grhj
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role.
GHSA-c5vq-jr45-v9q2
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.
GHSA-c5hf-mc85-2hx4
Missing authorization in Moodle
GHSA-c5cj-xp43-qcc3
Moodle's error handling leads to sensitive information disclosure
GHSA-c4cq-v4wp-28hg
Moodle sensitive information disclosure
GHSA-c3vx-v4x8-x894
Moodle does not check for the moodle/course:viewhiddencourses capability
GHSA-c3pr-h96w-2jjg
Moodle XML import of ddwtos could lead to intentional remote code execution
GHSA-c3j6-33r4-89q3
Moodle Client side denial of service via personal message
GHSA-c2r4-f8qv-2v7v
Moodle allows attackers to read SCORM contents
GHSA-c2gc-3pq9-wq9x
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.
GHSA-9xp2-5fr9-7mwm
Moodle vulnerable to SQL injection
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-c9jp-244j-vh78 Moodle cross-site scripting (XSS) vulnerability | 1% Низкий | больше 3 лет назад | |
| GHSA-c9hq-g4q8-w893 Privilage Escalation in moodle | CVSS3: 5.3 | 0% Низкий | больше 4 лет назад |
| GHSA-c8v6-vxhf-wcrr Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository | CVSS3: 8.8 | 0% Низкий | 8 месяцев назад |
| GHSA-c8pm-7v2j-xmww The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. | 6% Низкий | больше 3 лет назад | |
| GHSA-c87j-9rrq-h3j8 Moodle allows attackers to trigger the generation of arbitrary messages | 0% Низкий | больше 3 лет назад | |
| GHSA-c7v4-m269-4995 Exposure of Sensitive Information to an Unauthorized Actor in Moodle | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| GHSA-c7jj-vfmr-j9mj Moodle command execution vulnerability exists in the default legacy spellchecker plugin | CVSS3: 9.1 | 69% Средний | больше 3 лет назад |
| GHSA-c78f-pfch-h9wc Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. | 1% Низкий | больше 3 лет назад | |
| GHSA-c767-4whh-v7rw Moodle has user information visibility control issues in gradebook reports | CVSS3: 5.3 | 0% Низкий | около 1 года назад |
| GHSA-c6g7-c2cg-grhj A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role. | 0% Низкий | больше 3 лет назад | |
| GHSA-c5vq-jr45-v9q2 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-c5hf-mc85-2hx4 Missing authorization in Moodle | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-c5cj-xp43-qcc3 Moodle's error handling leads to sensitive information disclosure | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
| GHSA-c4cq-v4wp-28hg Moodle sensitive information disclosure | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
| GHSA-c3vx-v4x8-x894 Moodle does not check for the moodle/course:viewhiddencourses capability | 0% Низкий | больше 3 лет назад | |
| GHSA-c3pr-h96w-2jjg Moodle XML import of ddwtos could lead to intentional remote code execution | CVSS3: 8.8 | 2% Низкий | больше 3 лет назад |
| GHSA-c3j6-33r4-89q3 Moodle Client side denial of service via personal message | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-c2r4-f8qv-2v7v Moodle allows attackers to read SCORM contents | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-c2gc-3pq9-wq9x The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request. | 0% Низкий | больше 3 лет назад | |
| GHSA-9xp2-5fr9-7mwm Moodle vulnerable to SQL injection | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу