Moodle Exposure
Category: LMS
Exposure score: 70
Sites using it: 13,690
In exploitation: 0
Critical: 7
CVEs
292 results

CVE | Severity | EPSS | Description
CVE-2018-16854 | MEDIUM | 2.3% | A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by
CVE-2012-1168 | — | 2.3% | Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified
CVE-2019-3847 | MEDIUM | 2.3% | A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such a
CVE-2026-26046 | HIGH | 2.2% | Moodle: moodle: improper input sanitization in tex filter administration setting
CVE-2012-1155 | — | 2.1% | Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even th
CVE-2012-1156 | — | 2.1% | Moodle before 2.2.2 has users' private files included in course backups
CVE-2018-10890 | MEDIUM | 2.1% | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to re
CVE-2018-10889 | MEDIUM | 2.1% | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain
CVE-2018-1082 | — | 2.1% | A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later
CVE-2018-10891 | MEDIUM | 2.1% | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the quest
CVE-2023-5540 | MEDIUM | 1.9% | Moodle: authenticated remote code execution risk in imscp
CVE-2020-25698 | — | 1.9% | Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead
CVE-2023-5539 | MEDIUM | 1.9% | Moodle: authenticated remote code execution risk in lesson
CVE-2018-14631 | HIGH | 1.8% | moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrum
CVE-2012-1169 | — | 1.8% | Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names
CVE-2018-1137 | — | 1.7% | An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by us
CVE-2020-25699 | — | 1.6% | In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles wit
CVE-2017-2643 | — | 1.6% | In Moodle 3.2.x, global search displays user names for unauthenticated users.
CVE-2021-20187 | — | 1.6% | It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP
CVE-2022-40314 | CRITICAL | 1.5% | A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.