Count: 2,643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-6g5x-h5x7-q4mq Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users | CVSS3: 4.3 | 0% Low | 8 months ago |
| GHSA-69xm-pcg8-8qxm In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-69m9-rprc-2x7g Moodle reveals student identities through assignment submissions search on anonymous submissions | CVSS3: 4.3 | 0% Low | 8 months ago |
| GHSA-69c3-5xxf-58q2 SQL injection in moodle | CVSS3: 9.8 | 1% Low | more than 3 years ago |
| GHSA-6922-5v25-p8jg Moodle multiple cross-site scripting (XSS) vulnerabilities | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-68x5-4jg5-gjgg Moodle CSRF risk in analytics management of models | CVSS3: 8.8 | 0% Low | more than 1 year ago |
| GHSA-68fm-qg53-rwwj SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int. | | 2% Low | more than 3 years ago |
| GHSA-688p-pgj4-77hh Moodle allows attackers to obtain sensitive course-structure information | | 0% Low | more than 3 years ago |
| GHSA-683c-cq88-f22q ** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields." | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-66xp-28cq-mrf2 Moodle Denial of Service | CVSS3: 7.5 | 0% Low | more than 3 years ago |
| GHSA-6656-6qwx-4c2m Moodle XSS In Tag Autocomplete functionality | | 0% Low | more than 3 years ago |
| GHSA-664q-mrxx-2x2v Moodle does not properly manage privileges for WebDAV repositories | | 1% Low | more than 3 years ago |
| GHSA-659w-gh8v-v435 lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file. | | 0% Low | more than 3 years ago |
| GHSA-62wv-866c-rh86 Moodle does not properly restrict comment capabilities | | 1% Low | more than 3 years ago |
| GHSA-62wh-m4jr-233r Moodle LTI module reflected XSS risk | CVSS3: 6.1 | 82% High | more than 3 years ago |
| GHSA-625r-4rf7-g699 In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool. | CVSS3: 7.2 | 1% Low | more than 3 years ago |
| GHSA-622h-cjgg-5mx6 Moodle allows attackers to bypass file-management restrictions | | 0% Low | more than 3 years ago |
| GHSA-5xqf-3mwv-q7gm Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors. | | 0% Low | more than 3 years ago |
| GHSA-5xp2-rv4h-mm2q Moodle Open Redirect Vulnerability | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-5x33-h32w-6vr2 Cross site-scripting (XSS) moodle | CVSS3: 6.1 | 0% Low | more than 4 years ago |