Vulnerabilities in Moodle
25 results

CVE | Severity | Description | EPSS
CVE-2025-34031 | HIGH | Moodle LMS Jmol Plugin Path Traversal | 3.0%
CVE-2012-1168 | — | Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified | 2.3%
CVE-2012-1156 | — | Moodle before 2.2.2 has users' private files included in course backups | 2.1%
CVE-2012-1155 | — | Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even th | 2.1%
CVE-2012-1169 | — | Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names | 1.8%
CVE-2012-1159 | — | Moodle before 2.2.2: Overview report allows users to see hidden courses | 1.4%
CVE-2012-1158 | — | Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | 1.4%
CVE-2012-1161 | — | Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | 1.4%
CVE-2019-10154 | MEDIUM | A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversation | 1.3%
CVE-2012-1160 | — | Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | 1.2%
CVE-2012-1157 | — | Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | 1.2%
CVE-2019-10134 | MEDIUM | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly | 1.1%
CVE-2012-1170 | — | Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | 0.9%
CVE-2019-10133 | LOW | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not | 0.9%
CVE-2025-34032 | MEDIUM | Moodle LMS Jmol Plugin Cross-site Scripting (XSS) | 0.6%
CVE-2024-38276 | HIGH | moodle: CSRF risks due to misuse of confirm_sesskey | 0.5%
CVE-2024-38275 | HIGH | moodle: HTTP authorization header is preserved between "emulated redirects" | 0.4%
CVE-2024-38273 | MEDIUM | moodle: BigBlueButton web service leaks meeting joining information to users who should not have access | 0.4%
CVE-2024-38274 | MEDIUM | moodle: stored XSS via calendar's event title when deleting the event | 0.4%
CVE-2024-33996 | MEDIUM | moodle: broken access control when setting calendar event type | 0.4%