Количество 2 541
Количество 2 541
GHSA-wwrq-jww7-39jq
Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.
GHSA-wwjf-gwrv-wh45
Moodle's IDOR in badges allows deletion of arbitrary badges
GHSA-ww45-x87c-wgff
Moodle all messaging conversations could be viewed
GHSA-wvh5-78h5-gmgr
Cross-site Scripting in moodle
GHSA-wv9c-pfpm-4wc5
Moodle CSRF Vulnerability
GHSA-wr88-x8cm-7cgq
Moodle has a stored XSS risk in admin live log
GHSA-wr6q-xv23-rfq9
Moodle Incorrect Authorization
GHSA-wq3g-p65w-h4pr
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist.
GHSA-wpq5-q3mj-8f3r
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
GHSA-wp3g-pr4h-q6vv
Moodle does not enforce capability requirements for reading blog comments
GHSA-wmvq-q9h8-7j4g
Moodle sensitive information disclosure
GHSA-wmmc-qjq2-vvm2
Moodle is vulnerable to Sensitive Information Disclosure
GHSA-wm4w-8vc6-2j4h
Moodle XSS Vulnerability
GHSA-wjh9-wgjp-jmj6
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
GHSA-wj74-553p-4fv5
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
GHSA-wfmm-xq3h-78xx
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.
GHSA-w979-xjw9-2g82
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.
GHSA-w77v-xpxr-c6pv
Moodle cross-site scripting (XSS) vulnerability
GHSA-w66h-c2vj-cm7f
Moodle Authentication Bypass in File Upload
GHSA-w643-3f26-m8v5
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-wwrq-jww7-39jq Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. | 1% Низкий | больше 3 лет назад | |
| GHSA-wwjf-gwrv-wh45 Moodle's IDOR in badges allows deletion of arbitrary badges | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
| GHSA-ww45-x87c-wgff Moodle all messaging conversations could be viewed | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
| GHSA-wvh5-78h5-gmgr Cross-site Scripting in moodle | CVSS3: 5.4 | 1% Низкий | больше 3 лет назад |
| GHSA-wv9c-pfpm-4wc5 Moodle CSRF Vulnerability | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
| GHSA-wr88-x8cm-7cgq Moodle has a stored XSS risk in admin live log | CVSS3: 8.3 | 0% Низкий | 7 месяцев назад |
| GHSA-wr6q-xv23-rfq9 Moodle Incorrect Authorization | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
| GHSA-wq3g-p65w-h4pr Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | 0% Низкий | больше 3 лет назад | |
| GHSA-wpq5-q3mj-8f3r Moodle multiple cross-site request forgery (CSRF) vulnerabilities | 0% Низкий | больше 3 лет назад | |
| GHSA-wp3g-pr4h-q6vv Moodle does not enforce capability requirements for reading blog comments | 1% Низкий | больше 3 лет назад | |
| GHSA-wmvq-q9h8-7j4g Moodle sensitive information disclosure | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-wmmc-qjq2-vvm2 Moodle is vulnerable to Sensitive Information Disclosure | 0% Низкий | больше 3 лет назад | |
| GHSA-wm4w-8vc6-2j4h Moodle XSS Vulnerability | CVSS3: 5.3 | 10% Средний | больше 3 лет назад |
| GHSA-wjh9-wgjp-jmj6 report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. | 0% Низкий | больше 3 лет назад | |
| GHSA-wj74-553p-4fv5 mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | 1% Низкий | больше 3 лет назад | |
| GHSA-wfmm-xq3h-78xx grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | 0% Низкий | больше 3 лет назад | |
| GHSA-w979-xjw9-2g82 Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups. | 0% Низкий | больше 3 лет назад | |
| GHSA-w77v-xpxr-c6pv Moodle cross-site scripting (XSS) vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-w66h-c2vj-cm7f Moodle Authentication Bypass in File Upload | 0% Низкий | больше 3 лет назад | |
| GHSA-w643-3f26-m8v5 Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу