Count: 2 470
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-2jxg-mv2m-j4r7 Moodle type juggling vulnerability | CVSS3: 6.5 | 0% Low | more than 2 years ago
GHSA-2jrm-gww7-wch2 Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration | CVSS3: 7.2 | 1% Low | about 3 years ago
GHSA-2jcw-r79x-4r5v Moodle does not set the RISK_XSS bit for graders | | 0% Low | about 3 years ago
GHSA-2hw8-qj3h-c7pq badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter. | | 1% Low | about 3 years ago
GHSA-2hw6-6rgf-726v Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Low | about 3 years ago
GHSA-2hw2-h3mf-c2j9 Moodle open redirect vulnerability | CVSS3: 7.4 | 0% Low | about 3 years ago
GHSA-2hmm-q272-xmhf Moodle remote code execution | CVSS3: 9.8 | 9% Low | more than 2 years ago
GHSA-2hh3-jmv8-5fmx Moodle Does Not Escape Characters In Email Headers | CVSS3: 5.4 | 0% Low | about 3 years ago
GHSA-2fmv-j5xj-4fmq Moodle Reveals Student Information Meant To Be Anonymous | | 0% Low | about 3 years ago
GHSA-2c5m-jj29-px47 Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | | 4% Low | about 3 years ago
GHSA-28gc-4qq5-8q26 Moodle Cross-site Scripting vulnerability | CVSS3: 6.1 | 0% Low | more than 1 year ago
GHSA-2887-hwqc-wcg8 Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. | | 1% Low | about 3 years ago
GHSA-27j2-c838-c3qg Moodle Arbitrary File Read via XML External Entity vulnerability | | 0% Low | about 3 years ago
GHSA-276h-65c8-j9w4 lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block. | | 0% Low | about 3 years ago
GHSA-273w-7fxj-pcp6 Moodle vulnerable to Uncontrolled Resource Consumption | CVSS3: 7.5 | 0% Low | more than 2 years ago
GHSA-267j-cwvg-j28c Moodle attackers to modify grade metadata | | 0% Low | about 3 years ago
GHSA-2563-fp9c-mgm8 Moodle Session Fixation vulnerability | CVSS3: 9.8 | 20% Medium | more than 2 years ago
GHSA-243v-5pff-qqfj Moodle Open redirect risk in mobile auto-login feature | CVSS3: 6.1 | 0% Low | almost 3 years ago
GHSA-227w-xh58-rx2j Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. | | 0% Low | about 3 years ago
CVE-2025-3638 A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk. | CVSS3: 8.8 | 0% Low | 2 months ago