Exposición de Moodle
LMS70
score de exposición
13.690
sitios usan
0
en explotación
7
críticos
CVEs
292 resultadosCVE-2021-40695—It was possible for a student to view their quiz grade before it had been released, using a quiz web service.EPSS 0.9%CVE-2022-35651—A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM trEPSS 0.8%CVE-2021-43558—A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in thEPSS 0.8%CVE-2021-36392—In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.EPSS 0.8%CVE-2022-40315CRITICALA limited SQL injection risk was identified in the "browse list of users" site administration page.EPSS 0.8%CVE-2022-30596—A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent EPSS 0.8%CVE-2023-35133HIGHMoodle: ssrf risk due to insufficient check on the curl blocked hostsEPSS 0.8%CVE-2021-40693—An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.EPSS 0.8%CVE-2019-3850MEDIUMA vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open dEPSS 0.8%CVE-2018-1045—In Moodle 3.x, there is XSS via a calendar event name.EPSS 0.8%CVE-2021-20183—It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of searchEPSS 0.8%CVE-2023-23921—Moodle: reflected xss risk in some returnurl parametersEPSS 0.8%CVE-2025-3642HIGHMoodle: authenticated remote code execution risk in the moodle lms equella repositoryEPSS 0.8%CVE-2019-14831—A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link coEPSS 0.8%CVE-2020-14322—In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of deniEPSS 0.8%CVE-2023-35132MEDIUMMoodle: minor sql injection risk on mnet sso access control pageEPSS 0.8%CVE-2025-3641HIGHMoodle: authenticated remote code execution risk in the moodle lms dropbox repositoryEPSS 0.8%CVE-2021-20186—It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of EPSS 0.8%CVE-2019-14829—A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creatEPSS 0.7%CVE-2021-32472—Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.EPSS 0.7%
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →