Moodle exposure
LMS
Exposure score: 70
Sites using it: 13,690
Under exploitation: 0
Critical: 7
CVEs
292 results
CVE-2024-25978 | HIGH | EPSS 0.9% | Msa-24-0001: denial of service risk in file picker unzip functionality
CVE-2019-3848 | MEDIUM | EPSS 0.9% | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event info
CVE-2019-3852 | MEDIUM | EPSS 0.9% | A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking
CVE-2020-25631 | — | EPSS 0.9% | A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chap
CVE-2012-1170 | — | EPSS 0.9% | Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
CVE-2019-14884 | MEDIUM | EPSS 0.9% | A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal e
CVE-2019-3809 | MEDIUM | EPSS 0.9% | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of
CVE-2024-4186 | CRITICAL | EPSS 0.9% | Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check
CVE-2021-40694 | — | EPSS 0.9% | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system accou
CVE-2019-10133 | LOW | EPSS 0.9% | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not
CVE-2019-3851 | MEDIUM | EPSS 0.9% | A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the Boost theme's secure layou
CVE-2022-0983 | — | EPSS 0.9% | An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teach
CVE-2021-32474 | — | EPSS 0.9% | An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this re
CVE-2019-10189 | MEDIUM | EPSS 0.9% | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other group
CVE-2019-10188 | MEDIUM | EPSS 0.9% | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in th
CVE-2019-10187 | MEDIUM | EPSS 0.9% | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete
CVE-2017-2578 | — | EPSS 0.9% | In Moodle 3.x, there is XSS in the assignment submission page.
CVE-2022-35652 | — | EPSS 0.9% | An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacke
CVE-2020-1756 | — | EPSS 0.9% | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
CVE-2023-23922 | — | EPSS 0.9% | Moodle: reflected xss risk in blog search