Количество 2 469
Количество 2 469
GHSA-v33x-q8gh-4x42
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
GHSA-v2rh-5v88-rgvh
Moodle context freezing
GHSA-rvmc-8gmg-ggqr
Moodle Blind SQL injection possible via MNet authentication
GHSA-rv62-6f56-j83w
Moodle Oauth 2 Insufficiently Protects Against Compromise
GHSA-rmq4-phgg-pxp4
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
GHSA-rmfm-w44g-h6m2
Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941.
GHSA-rmcv-83m2-7x23
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.
GHSA-rjh8-w8jg-xwq5
Moodle Exposure of Sensitive Information to an Unauthorized Actor
GHSA-rj5x-jhhc-5x6h
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.
GHSA-rgmc-f85q-83hm
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export
GHSA-r9pc-g29w-f86j
Moodle sensitive information disclosure
GHSA-r99q-hmqv-xw8w
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
GHSA-r867-v437-4rrm
Moodle Cross-site request forgery (CSRF) vulnerability
GHSA-r7cj-2ghq-wj88
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
GHSA-r729-mx2r-j26j
Moodle XSS Vulnerability
GHSA-r6j4-gmpg-6x9f
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
GHSA-r4xr-m393-778m
Moodle IDOR when accessing list of course badges
GHSA-r4vq-7rgp-99hx
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.
GHSA-r3fc-hx6q-g6cq
Moodle allows attackers to discover student e-mail addresses
GHSA-r2wx-46gp-rp3h
Moodle Improper Input Validation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-v33x-q8gh-4x42 Moodle multiple cross-site request forgery (CSRF) vulnerabilities | CVSS3: 8.8 | 0% Низкий | около 3 лет назад |
| GHSA-v2rh-5v88-rgvh Moodle context freezing | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-rvmc-8gmg-ggqr Moodle Blind SQL injection possible via MNet authentication | CVSS3: 7.2 | 1% Низкий | больше 3 лет назад |
| GHSA-rv62-6f56-j83w Moodle Oauth 2 Insufficiently Protects Against Compromise | CVSS3: 9.1 | 0% Низкий | около 3 лет назад |
| GHSA-rmq4-phgg-pxp4 Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. | 0% Низкий | около 3 лет назад | |
| GHSA-rmfm-w44g-h6m2 Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941. | 0% Низкий | около 3 лет назад | |
| GHSA-rmcv-83m2-7x23 Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete. | 1% Низкий | около 3 лет назад | |
| GHSA-rjh8-w8jg-xwq5 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-rj5x-jhhc-5x6h mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | 1% Низкий | около 3 лет назад | |
| GHSA-rgmc-f85q-83hm Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | 1% Низкий | около 3 лет назад | |
| GHSA-r9pc-g29w-f86j Moodle sensitive information disclosure | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
| GHSA-r99q-hmqv-xw8w Moodle Authenticated LFI risk in some misconfigured shared hosting environments | CVSS3: 6.5 | 0% Низкий | около 1 года назад |
| GHSA-r867-v437-4rrm Moodle Cross-site request forgery (CSRF) vulnerability | CVSS3: 8.8 | 0% Низкий | около 3 лет назад |
| GHSA-r7cj-2ghq-wj88 jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. | 8% Низкий | около 3 лет назад | |
| GHSA-r729-mx2r-j26j Moodle XSS Vulnerability | 0% Низкий | около 3 лет назад | |
| GHSA-r6j4-gmpg-6x9f The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors. | 0% Низкий | около 3 лет назад | |
| GHSA-r4xr-m393-778m Moodle IDOR when accessing list of course badges | CVSS3: 4.3 | 0% Низкий | 7 месяцев назад |
| GHSA-r4vq-7rgp-99hx mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | 0% Низкий | около 3 лет назад | |
| GHSA-r3fc-hx6q-g6cq Moodle allows attackers to discover student e-mail addresses | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-r2wx-46gp-rp3h Moodle Improper Input Validation | 0% Низкий | около 1 года назад |
Уязвимостей на страницу