Count: 2 643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-8m7c-hm88-2p97 Moodle shows hidden grades to users without permission on some grade reports | CVSS3: 5.3 | 0% Low | 8 months ago |
| GHSA-8jhp-2gcr-qw96 Moodle vulnerable to RCE via unsafe deserialization | CVSS3: 9.8 | 1% Low | about 4 years ago |
| GHSA-8hxm-42v5-66hm Moodle vulnerable to Cross-Site Request Forgery | | 0% Low | more than 3 years ago |
| GHSA-8gmm-53jc-x5c2 Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message. | | 0% Low | more than 3 years ago |
| GHSA-8g5h-gjwq-w5ch Moodle Logout CSRF in admin/tool/mfa/auth.php | | 1% Low | more than 1 year ago |
| GHSA-8fqh-rfgp-g35q mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-8fcv-4qp9-pg32 Moodle sends quiz-related messages to inactive/suspended users | CVSS3: 4.3 | 0% Low | about 2 months ago |
| GHSA-89f3-74m6-g27g Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module | | 0% Low | more than 3 years ago |
| GHSA-893p-hqf6-mg67 lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. | | 0% Low | more than 3 years ago |
| GHSA-88xj-97gf-7wpq Moodle has a CSRF risk in user tours manager that allows tour duplication | CVSS3: 3.5 | 0% Low | 8 months ago |
| GHSA-86v9-gqh9-8268 Moodle vulnerable to Cross-site Scripting | | 0% Low | more than 3 years ago |
| GHSA-853r-xfvj-j429 SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. | | 1% Low | more than 3 years ago |
| GHSA-7xv5-m4rh-f939 Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | | 0% Low | more than 3 years ago |
| GHSA-7x37-gppm-5c5h SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter. | | 2% Low | more than 3 years ago |
| GHSA-7wmp-2xmx-g6h8 Moodle authorization headers preserved between "emulated redirects" | CVSS3: 5.3 | 0% Low | about 1 year ago |
| GHSA-7w7p-v23v-56qr SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." | | 1% Low | more than 3 years ago |
| GHSA-7q33-5wgv-9752 The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. | | 0% Low | more than 3 years ago |
| GHSA-7prr-3mfr-r778 The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | | 1% Low | more than 3 years ago |
| GHSA-7pjp-fm93-p6pj Cross-Site Request Forgery in moodle | CVSS3: 8.8 | 0% Low | almost 2 years ago |
| GHSA-7p9m-wjgf-7xr6 Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states. | | 0% Low | more than 3 years ago |