Count: 2,470
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-4qww-rxq6-x7gf Moodle broken access control when setting calendar event type | CVSS3: 6.2 | 0% Low | about 1 year ago |
GHSA-4pv6-rw85-g6wg theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response. |  | 0% Low | about 3 years ago |
GHSA-4ppg-2mx6-fqx9 Moodle allows attackers to bypass intended login restrictions |  | 0% Low | about 3 years ago |
GHSA-4m6v-x9fj-847j Moodle Cross-site Scripting in the Course summary filter of the Add a new course | CVSS3: 5.4 | 0% Low | about 3 years ago |
GHSA-4jm2-c9jr-6prf Moodle allows attackers to bypass a messaging-disabled setting |  | 0% Low | about 3 years ago |
GHSA-4jc7-gpxx-gg52 The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation. |  | 0% Low | about 3 years ago |
GHSA-4hjf-6pxr-549h Moodle Cross-site Scripting vulnerability | CVSS3: 5.4 | 0% Low | 8 months ago |
GHSA-4gq2-x5w4-7hp8 Moodle has insufficient capability checks | CVSS3: 5.3 | 0% Low | 8 months ago |
GHSA-4fm4-pcw7-99hg The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality. |  | 0% Low | about 3 years ago |
GHSA-4c5g-w3gf-rf4f Moodle allows attackers to obtain username and course information |  | 0% Low | about 3 years ago |
GHSA-49mv-vfcp-8gg9 Moodle vulnerable to SQL Injection | CVSS3: 6.3 | 0% Low | about 2 years ago |
GHSA-48rq-vj58-2mh6 Moodle creates a MoodleMobile web-service token with an infinite lifetime |  | 0% Low | about 3 years ago |
GHSA-487g-3m3v-hjhq Uncontrolled Resource Consumption in moodle | CVSS3: 7.5 | 0% Low | more than 1 year ago |
GHSA-47cw-whh9-j2fq Moodle allows attacks to obtain sensitive information |  | 0% Low | about 3 years ago |
GHSA-4794-5xw8-8vrg The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. |  | 0% Low | about 3 years ago |
GHSA-475h-wv64-r896 Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message. |  | 0% Low | about 3 years ago |
GHSA-468q-9cmp-76wc Moodle does not consider the moodle/tag:edit capability before adding a tag |  | 0% Low | about 3 years ago |
GHSA-45rw-4r25-jvg7 Moodle Logged in users could view all calendar events | CVSS3: 4.3 | 0% Low | about 3 years ago |
GHSA-454r-jccq-96q8 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Low | more than 3 years ago |
GHSA-454r-4cjv-vc9h Moodle allows attackers to obtain manager privileges | CVSS3: 6.8 | 0% Low | about 3 years ago |