Count: 2,643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-72gv-qqrp-h9qg Moodle Users Can Bypass Deleted Status | | 0% Low | more than 3 years ago |
| GHSA-6xqg-f34f-5fjx Moodle vulnerable to Cross-site Scripting | | 0% Low | more than 3 years ago |
| GHSA-6xpm-q8x9-j3rw Moodle allows attackers to bypass intended access restrictions | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-6xc9-39gx-2ch4 calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object. | | 0% Low | more than 3 years ago |
| GHSA-6wq9-m5r8-4gq4 message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing. | | 0% Low | more than 3 years ago |
| GHSA-6w97-x9wf-g8mv login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | | 1% Low | more than 3 years ago |
| GHSA-6vjg-2q57-rgfw Moodle allows attackers to cause a denial of service | | 1% Low | more than 3 years ago |
| GHSA-6vjf-48fh-vxxj Improper Handling of Parameters in moodle | CVSS3: 5.3 | 0% Low | almost 2 years ago |
| GHSA-6rm3-82c3-gjr8 lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | | 0% Low | more than 3 years ago |
| GHSA-6rgj-rxh3-3g5j login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. | | 0% Low | more than 3 years ago |
| GHSA-6r7x-6q98-qcqp Moodle does not set the RISK_XSS bit for graders | | 0% Low | more than 3 years ago |
| GHSA-6r76-f8c8-fh7p Moodle Cross-site Scripting in assignment submission page | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-6q9g-3vfq-q2qj Improper Authentication in moodle | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-6q96-wmxp-mc79 backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | | 0% Low | more than 3 years ago |
| GHSA-6p3g-hw27-qh44 Moodle's time-validation implementation allows bypassing intended restrictions | | 0% Low | more than 3 years ago |
| GHSA-6mxm-wpqv-675h Moodle XSS from profile fields from external db | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-6jjc-cvfw-6mr6 help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | | 0% Low | more than 3 years ago |
| GHSA-6jhm-4vmx-mr76 SQL injection in Moodle | CVSS3: 9.8 | 3% Low | almost 4 years ago |
| GHSA-6gx2-g773-hv9h Moodle reflected cross-site scripting vulnerability in policy tool | CVSS3: 6.1 | 0% Low | about 3 years ago |
| GHSA-6ggr-h9vf-pg47 mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. | | 0% Low | more than 3 years ago |