Total
590 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1613 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | |||||
CVE-2012-3394 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2012-3395 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. | |||||
CVE-2011-4296 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | |||||
CVE-2011-4285 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role. | |||||
CVE-2010-1616 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. | |||||
CVE-2011-4591 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states. | |||||
CVE-2012-2366 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. | |||||
CVE-2012-6112 | 2 Moodle, Tinymce | 2 Moodle, Spellchecker Php | 2025-04-11 | 5.0 MEDIUM | N/A |
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. | |||||
CVE-2011-4286 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. | |||||
CVE-2011-4283 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. | |||||
CVE-2012-2356 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | |||||
CVE-2011-4581 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | |||||
CVE-2013-4525 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question. | |||||
CVE-2011-4282 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter. | |||||
CVE-2012-2359 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. | |||||
CVE-2011-4309 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. | |||||
CVE-2013-2246 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. | |||||
CVE-2012-2358 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | |||||
CVE-2011-4308 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. |