Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.

Incorrect Calculation in moodle

Moodle vulnerable to stored Cross-site Scripting

Moodle Information Disclosure

Moodle Portfolio script allows instantiation of class chosen by user

Moodle Portfolio forum caller class allows a user to download any file

Improper Access Control in moodle

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.

Moodle Unsanitized HTML in site log for config_log_created

Moodle Exposure of Sensitive Information to an Unauthorized Actor

Moodle allows attackers to upload files containing JavaScript

Moodle vulnerable to RCE

Moodle admin presets export tool includes some secrets that should not be exported

Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Moodle SSRF Vulnerability

Moodle has arbitrary file read risk through pdfTeX

Moodle may display roles to users who don't have access to them

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script