Количество 2 643
Количество 2 643
GHSA-2jxg-mv2m-j4r7
Moodle type juggling vulnerability
GHSA-2jrm-gww7-wch2
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
GHSA-2jcw-r79x-4r5v
Moodle does not set the RISK_XSS bit for graders
GHSA-2hw8-qj3h-c7pq
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
GHSA-2hw6-6rgf-726v
Moodle XSS Vulnerability
GHSA-2hw2-h3mf-c2j9
Moodle open redirect vulnerability
GHSA-2hmm-q272-xmhf
Moodle remote code execution
GHSA-2hh3-jmv8-5fmx
Moodle Does Not Escape Characters In Email Headers
GHSA-2fmv-j5xj-4fmq
Moodle Reveals Student Information Meant To Be Anonymous
GHSA-2c5m-jj29-px47
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.
GHSA-28gc-4qq5-8q26
Moodle Cross-site Scripting vulnerability
GHSA-2887-hwqc-wcg8
Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records.
GHSA-27j2-c838-c3qg
Moodle Arbitrary File Read via XML External Entity vulnerability
GHSA-276h-65c8-j9w4
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block.
GHSA-273w-7fxj-pcp6
Moodle vulnerable to Uncontrolled Resource Consumption
GHSA-267j-cwvg-j28c
Moodle attackers to modify grade metadata
GHSA-25wf-7x6c-wmpf
Moodle does not properly enforce MFA
GHSA-2563-fp9c-mgm8
Moodle Session Fixation vulnerability
GHSA-243v-5pff-qqfj
Moodle Open redirect risk in mobile auto-login feature
GHSA-227w-xh58-rx2j
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-2jxg-mv2m-j4r7 Moodle type juggling vulnerability | CVSS3: 6.5 | 0% Низкий | около 3 лет назад |
| GHSA-2jrm-gww7-wch2 Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration | CVSS3: 7.2 | 1% Низкий | больше 3 лет назад |
| GHSA-2jcw-r79x-4r5v Moodle does not set the RISK_XSS bit for graders | 0% Низкий | больше 3 лет назад | |
| GHSA-2hw8-qj3h-c7pq badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter. | 1% Низкий | больше 3 лет назад | |
| GHSA-2hw6-6rgf-726v Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| GHSA-2hw2-h3mf-c2j9 Moodle open redirect vulnerability | CVSS3: 7.4 | 0% Низкий | больше 3 лет назад |
| GHSA-2hmm-q272-xmhf Moodle remote code execution | CVSS3: 9.8 | 10% Низкий | около 3 лет назад |
| GHSA-2hh3-jmv8-5fmx Moodle Does Not Escape Characters In Email Headers | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
| GHSA-2fmv-j5xj-4fmq Moodle Reveals Student Information Meant To Be Anonymous | 0% Низкий | больше 3 лет назад | |
| GHSA-2c5m-jj29-px47 Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | 4% Низкий | больше 3 лет назад | |
| GHSA-28gc-4qq5-8q26 Moodle Cross-site Scripting vulnerability | CVSS3: 6.1 | 0% Низкий | около 2 лет назад |
| GHSA-2887-hwqc-wcg8 Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. | 1% Низкий | больше 3 лет назад | |
| GHSA-27j2-c838-c3qg Moodle Arbitrary File Read via XML External Entity vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-276h-65c8-j9w4 lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block. | 0% Низкий | больше 3 лет назад | |
| GHSA-273w-7fxj-pcp6 Moodle vulnerable to Uncontrolled Resource Consumption | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
| GHSA-267j-cwvg-j28c Moodle attackers to modify grade metadata | 0% Низкий | больше 3 лет назад | |
| GHSA-25wf-7x6c-wmpf Moodle does not properly enforce MFA | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
| GHSA-2563-fp9c-mgm8 Moodle Session Fixation vulnerability | CVSS3: 9.8 | 21% Средний | почти 3 года назад |
| GHSA-243v-5pff-qqfj Moodle Open redirect risk in mobile auto-login feature | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| GHSA-227w-xh58-rx2j Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу