VYPR

Moodle

by Moodle

CVEs (570)

  • CVE-2016-2151 | Med | May 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.02

    user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover…

  • CVE-2016-0724 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.02

    The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which…

  • CVE-2015-5342 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.01

    The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.

  • CVE-2015-5341 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.01

    mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.

  • CVE-2015-5340 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.01

    Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2)…

  • CVE-2015-5339 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.01

    The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain…

  • CVE-2015-5335 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics…

  • CVE-2015-5331 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.01

    Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.

  • CVE-2015-5268 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.02

    The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.

  • CVE-2015-5265 | Med | Feb 22, 2016
    risk 0.21 | cvss 4.3 | epss 0.01

    The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a…

  • CVE-2024-43425 | Nov 7, 2024
    risk 0.10 | cvss | epss 0.83

    A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.

  • CVE-2013-3630 | Nov 1, 2013
    risk 0.06 | cvss | epss 0.43

    Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.

  • CVE-2022-35650 | Jul 25, 2022
    risk 0.04 | cvss | epss 0.49

    A vulnerability was found in Moodle that occurs due to an input validation error when importing lesson questions. Insufficient path checks result in an arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to…

  • CVE-2019-3810 | Mar 25, 2019
    risk 0.04 | cvss | epss 0.14

    A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by…

  • CVE-2006-0147 | Jan 9, 2006
    risk 0.04 | cvss | epss 0.13

    Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote…

  • CVE-2006-0146 | Jan 9, 2006
    risk 0.04 | cvss | epss 0.13

    The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to…

  • CVE-2009-1171 | Mar 30, 2009
    risk 0.03 | cvss | epss 0.06

    The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.

  • CVE-2007-6538 | Dec 27, 2007
    risk 0.03 | cvss | epss 0.04

    SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-1647 | Mar 24, 2007
    risk 0.03 | cvss | epss 0.03

    Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session…

  • CVE-2006-5219 | Oct 10, 2006
    risk 0.03 | cvss | epss 0.02

    SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter.
