Moodle exposure
LMS
Exposure score: 70
Sites using it: 13,690
In exploitation: 0
Critical: 7
CVEs
292 results

CVE-2020-25703 (EPSS 1.5%): The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versi
CVE-2018-1081 (EPSS 1.5%): A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users c
CVE-2021-36396 (HIGH, EPSS 1.4%): In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a b
CVE-2012-1159 (EPSS 1.4%): Moodle before 2.2.2: Overview report allows users to see hidden courses
CVE-2012-1161 (EPSS 1.4%): Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results
CVE-2012-1158 (EPSS 1.4%): Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export
CVE-2021-20185 (EPSS 1.4%): It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages,
CVE-2023-5550 (MEDIUM, EPSS 1.4%): Moodle: rce due to lfi risk in some misconfigured shared hosting environments
CVE-2020-25701 (EPSS 1.4%): If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would e
CVE-2022-45152 (CRITICAL, EPSS 1.4%): A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-suppli
CVE-2018-1043 (EPSS 1.4%): In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
CVE-2020-25630 (EPSS 1.3%): A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping t
CVE-2020-25700 (EPSS 1.3%): In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to
CVE-2019-10154 (MEDIUM, EPSS 1.3%): A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversation
CVE-2021-20281 (EPSS 1.3%): It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.
CVE-2020-25629 (EPSS 1.3%): A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access
CVE-2022-30599 (EPSS 1.3%): A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVE-2021-20280 (EPSS 1.3%): Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8,
CVE-2020-25702 (EPSS 1.3%): In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle
CVE-2021-20282 (EPSS 1.3%): When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle be