Количество 2 643
Количество 2 643
GHSA-4jm2-c9jr-6prf
Moodle allows attackers to bypass a messaging-disabled setting
GHSA-4jc7-gpxx-gg52
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.
GHSA-4hmr-39vp-xfrr
Moodle has an arbitrary file read risk through pdfTeX
GHSA-4hjf-6pxr-549h
Moodle Cross-site Scripting vulnerability
GHSA-4gq2-x5w4-7hp8
Moodle has insufficient capability checks
GHSA-4fm4-pcw7-99hg
The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.
GHSA-4c5g-w3gf-rf4f
Moodle allows attackers to obtain username and course information
GHSA-49mv-vfcp-8gg9
Moodle vulnerable to SQL Injection
GHSA-48rq-vj58-2mh6
Moodle creates a MoodleMobile web-service token with an infinite lifetime
GHSA-487g-3m3v-hjhq
Uncontrolled Resource Consumption in moodle
GHSA-47cw-whh9-j2fq
Moodle allows attacks to obtain sensitive information
GHSA-4794-5xw8-8vrg
The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.
GHSA-475h-wv64-r896
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.
GHSA-468q-9cmp-76wc
Moodle does not consider the moodle/tag:edit capability before adding a tag
GHSA-45rw-4r25-jvg7
Moodle Logged in users could view all calendar events
GHSA-454r-jccq-96q8
Moodle Exposure of Sensitive Information to an Unauthorized Actor
GHSA-454r-4cjv-vc9h
Moodle allows attackers to obtain manager privileges
GHSA-44xp-wj24-9xxj
Moodle allows attackers to delete files
GHSA-4452-2568-9wpm
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information.
GHSA-43r4-vm25-qm78
Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-4jm2-c9jr-6prf Moodle allows attackers to bypass a messaging-disabled setting | 0% Низкий | больше 3 лет назад | |
| GHSA-4jc7-gpxx-gg52 The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation. | 0% Низкий | больше 3 лет назад | |
| GHSA-4hmr-39vp-xfrr Moodle has an arbitrary file read risk through pdfTeX | CVSS3: 8.6 | 0% Низкий | 10 месяцев назад |
| GHSA-4hjf-6pxr-549h Moodle Cross-site Scripting vulnerability | CVSS3: 5.4 | 1% Низкий | около 1 года назад |
| GHSA-4gq2-x5w4-7hp8 Moodle has insufficient capability checks | CVSS3: 5.3 | 1% Низкий | около 1 года назад |
| GHSA-4fm4-pcw7-99hg The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality. | 0% Низкий | больше 3 лет назад | |
| GHSA-4c5g-w3gf-rf4f Moodle allows attackers to obtain username and course information | 0% Низкий | больше 3 лет назад | |
| GHSA-49mv-vfcp-8gg9 Moodle vulnerable to SQL Injection | CVSS3: 6.3 | 0% Низкий | больше 2 лет назад |
| GHSA-48rq-vj58-2mh6 Moodle creates a MoodleMobile web-service token with an infinite lifetime | 0% Низкий | больше 3 лет назад | |
| GHSA-487g-3m3v-hjhq Uncontrolled Resource Consumption in moodle | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| GHSA-47cw-whh9-j2fq Moodle allows attacks to obtain sensitive information | 0% Низкий | больше 3 лет назад | |
| GHSA-4794-5xw8-8vrg The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | 0% Низкий | больше 3 лет назад | |
| GHSA-475h-wv64-r896 Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message. | 0% Низкий | больше 3 лет назад | |
| GHSA-468q-9cmp-76wc Moodle does not consider the moodle/tag:edit capability before adding a tag | 0% Низкий | больше 3 лет назад | |
| GHSA-45rw-4r25-jvg7 Moodle Logged in users could view all calendar events | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-454r-jccq-96q8 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Низкий | почти 4 года назад |
| GHSA-454r-4cjv-vc9h Moodle allows attackers to obtain manager privileges | CVSS3: 6.8 | 0% Низкий | больше 3 лет назад |
| GHSA-44xp-wj24-9xxj Moodle allows attackers to delete files | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-4452-2568-9wpm Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. | 1% Низкий | больше 3 лет назад | |
| GHSA-43r4-vm25-qm78 Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу