Filtered by vendor Moodle
Subscribe
Total
559 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2190 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. | |||||
| CVE-2014-7834 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
| mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service. | |||||
| CVE-2015-3175 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header. | |||||
| CVE-2015-5337 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file. | |||||
| CVE-2014-0217 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | N/A |
| enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL. | |||||
| CVE-2014-0127 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.9 MEDIUM | N/A |
| The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time. | |||||
| CVE-2015-0217 | 1 Moodle | 1 Moodle | 2025-04-12 | 6.8 MEDIUM | N/A |
| filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. | |||||
| CVE-2014-7845 | 1 Moodle | 1 Moodle | 2025-04-12 | 7.5 HIGH | N/A |
| The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2014-3553 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.9 MEDIUM | N/A |
| mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships. | |||||
| CVE-2015-5342 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state. | |||||
| CVE-2014-7848 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.0 MEDIUM | N/A |
| lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
| CVE-2014-0125 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.8 MEDIUM | N/A |
| repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner. | |||||
| CVE-2014-0124 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
| The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module. | |||||
| CVE-2014-3551 | 1 Moodle | 1 Moodle | 2025-04-12 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric. | |||||
| CVE-2014-3546 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.0 MEDIUM | N/A |
| Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL. | |||||
| CVE-2014-7831 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
| lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service. | |||||
| CVE-2016-7919 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields. | |||||
| CVE-2016-0725 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string. | |||||
| CVE-2014-7833 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
| mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher. | |||||
| CVE-2014-0218 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||