Количество 2 469
Количество 2 469
GHSA-wwjf-gwrv-wh45
Moodle's IDOR in badges allows deletion of arbitrary badges
GHSA-ww45-x87c-wgff
Moodle all messaging conversations could be viewed
GHSA-wvh5-78h5-gmgr
Cross-site Scripting in moodle
GHSA-wv9c-pfpm-4wc5
Moodle CSRF Vulnerability
GHSA-wr6q-xv23-rfq9
Moodle Incorrect Authorization
GHSA-wq3g-p65w-h4pr
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist.
GHSA-wpq5-q3mj-8f3r
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
GHSA-wp3g-pr4h-q6vv
Moodle does not enforce capability requirements for reading blog comments
GHSA-wmvq-q9h8-7j4g
Moodle sensitive information disclosure
GHSA-wmmc-qjq2-vvm2
Moodle is vulnerable to Sensitive Information Disclosure
GHSA-wm4w-8vc6-2j4h
Moodle XSS Vulnerability
GHSA-wjh9-wgjp-jmj6
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
GHSA-wj74-553p-4fv5
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
GHSA-wfmm-xq3h-78xx
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.
GHSA-w979-xjw9-2g82
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.
GHSA-w77v-xpxr-c6pv
Moodle cross-site scripting (XSS) vulnerability
GHSA-w66h-c2vj-cm7f
Moodle Authentication Bypass in File Upload
GHSA-w643-3f26-m8v5
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
GHSA-w4f8-f35q-x83j
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.
GHSA-w37f-pvvx-wcwm
Incorrect Calculation in moodle
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-wwjf-gwrv-wh45 Moodle's IDOR in badges allows deletion of arbitrary badges | CVSS3: 7.5 | 0% Низкий | 7 месяцев назад |
| GHSA-ww45-x87c-wgff Moodle all messaging conversations could be viewed | CVSS3: 7.5 | 0% Низкий | около 3 лет назад |
| GHSA-wvh5-78h5-gmgr Cross-site Scripting in moodle | CVSS3: 5.4 | 1% Низкий | около 3 лет назад |
| GHSA-wv9c-pfpm-4wc5 Moodle CSRF Vulnerability | CVSS3: 8.8 | 0% Низкий | около 3 лет назад |
| GHSA-wr6q-xv23-rfq9 Moodle Incorrect Authorization | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| GHSA-wq3g-p65w-h4pr Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | 0% Низкий | около 3 лет назад | |
| GHSA-wpq5-q3mj-8f3r Moodle multiple cross-site request forgery (CSRF) vulnerabilities | 0% Низкий | около 3 лет назад | |
| GHSA-wp3g-pr4h-q6vv Moodle does not enforce capability requirements for reading blog comments | 1% Низкий | около 3 лет назад | |
| GHSA-wmvq-q9h8-7j4g Moodle sensitive information disclosure | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
| GHSA-wmmc-qjq2-vvm2 Moodle is vulnerable to Sensitive Information Disclosure | 0% Низкий | около 3 лет назад | |
| GHSA-wm4w-8vc6-2j4h Moodle XSS Vulnerability | CVSS3: 5.3 | 8% Низкий | около 3 лет назад |
| GHSA-wjh9-wgjp-jmj6 report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. | 0% Низкий | около 3 лет назад | |
| GHSA-wj74-553p-4fv5 mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | 1% Низкий | около 3 лет назад | |
| GHSA-wfmm-xq3h-78xx grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | 0% Низкий | около 3 лет назад | |
| GHSA-w979-xjw9-2g82 Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups. | 0% Низкий | около 3 лет назад | |
| GHSA-w77v-xpxr-c6pv Moodle cross-site scripting (XSS) vulnerability | 0% Низкий | около 3 лет назад | |
| GHSA-w66h-c2vj-cm7f Moodle Authentication Bypass in File Upload | 0% Низкий | около 3 лет назад | |
| GHSA-w643-3f26-m8v5 Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." | 0% Низкий | около 3 лет назад | |
| GHSA-w4f8-f35q-x83j Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | 0% Низкий | около 3 лет назад | |
| GHSA-w37f-pvvx-wcwm Incorrect Calculation in moodle | CVSS3: 9.8 | 2% Низкий | около 3 лет назад |
Уязвимостей на страницу