moodle/moodle Security Advisories for v3.9.0-rc3 (118)
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-kkys-npvt-jjkp CVE-2024-34002 GHSA-mm9p-xwfm-3fqf
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-yhpg-hcpg-vd71 CVE-2024-34003 GHSA-jg4f-8w9x-jv35
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-ypnv-pv4y-khkt CVE-2024-34004 GHSA-q3cm-ccrm-2mr6
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-7g9b-96vb-f88b CVE-2024-34005 GHSA-r99q-hmqv-xw8w
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle Unsanitized HTML in site log for config_log_created
PKSA-81r7-dyqg-4q32 CVE-2024-34006 GHSA-vvh5-7v3m-j3mj
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle CSRF risk in analytics management of models
PKSA-1bk8-gsry-b156 CVE-2024-34008 GHSA-68x5-4jg5-gjgg
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle CSRF risk in admin preset tool management of presets
PKSA-smf8-81d7-1g8y CVE-2024-34001 GHSA-gq9f-8rj4-w7jc
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting (XSS)
PKSA-44sz-9c8d-byh6 CVE-2024-34000 GHSA-8qwh-4vwv-7c5m
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle broken access control when setting calendar event type
PKSA-xxjw-syx2-dc4w CVE-2024-33996 GHSA-4qww-rxq6-x7gf
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle stored Cross-site Scripting (XSS)
PKSA-psg4-6cnq-2vpv CVE-2024-33997 GHSA-9qgq-93c7-9hm4
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting (XSS)
PKSA-1vcw-7pbp-4hc4 CVE-2024-33998 GHSA-xqhh-253w-4q5f
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by: GitHub
[MEDIUM] Cross-site Scripting in Moodle Chat
PKSA-dkf4-gr8b-q7z7 CVE-2024-28593 GHSA-f6mh-79vh-2hv7
Affected version: <=4.3.3
Reported by: GitHub
[HIGH] Uncontrolled Resource Consumption in moodle
PKSA-cnq3-npb7-81gr CVE-2024-25978 GHSA-487g-3m3v-hjhq
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Improper Handling of Parameters in moodle
PKSA-8zq5-86tq-npgn CVE-2024-25979 GHSA-6vjf-48fh-vxxj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Improper Access Control in moodle
PKSA-q882-vvk2-55y5 CVE-2024-25980 GHSA-cp8m-h777-g4p3
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Improper Access Control in moodle
PKSA-1rtr-36p9-m5t2 CVE-2024-25981 GHSA-jfrg-9hpq-9hvp
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Cross-Site Request Forgery in moodle
PKSA-ywdp-r6kr-8xch CVE-2024-25982 GHSA-7pjp-fm93-p6pj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[LOW] Authorization Bypass in moodle
PKSA-yn3d-by8g-nzfj CVE-2024-25983 GHSA-9r26-5w88-qhp9
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Moodle Improper Access Control vulnerability
PKSA-57rb-5xt6-dhwq CVE-2024-1439 GHSA-5p2x-8427-9fgp
Affected version: <=4.2.0
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-nw4f-rh34-rrdv CVE-2023-5544 GHSA-j5xf-gv89-g422
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
PKSA-qmp2-c2q6-ys9x CVE-2023-5545 GHSA-26fg-v32r-h663
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-hc6s-n6ty-9y9s CVE-2023-5547 GHSA-9gqp-3g28-w9xc
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
PKSA-7z8c-xy4p-1ctc CVE-2023-5548 GHSA-cwh2-q44x-5w3c
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Improper Access Control vulnerability
PKSA-hfk2-p537-bfvp CVE-2023-5549 GHSA-fm5h-58g2-4m3f
Affected version: <4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle Code Injection vulnerability
PKSA-4qqg-7p6g-qrrf CVE-2023-5550 GHSA-5cvx-cwpx-9rjh
Affected version: <3.9.24|>=3.10.0,<3.11.17|>=4.0.0,<4.0.11|>=4.1.0,<4.1.6|>=4.2.0,<4.2.3|>=4.3.0-beta,<4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
PKSA-6cjp-j4yt-m8jy CVE-2023-5551 GHSA-jr83-8x65-xcr5
Affected version: <3.9.24|>=3.10.0,<3.11.17|>=4.0.0,<4.0.11|>=4.1.0,<4.1.6|>=4.2.0,<4.2.3|>=4.3.0-beta,<4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle Code Injection vulnerability
PKSA-fmy8-x52s-r4tc CVE-2023-5539 GHSA-3xxm-3g3c-w579
Affected version: <4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle Code Injection vulnerability
PKSA-9gb6-31c6-p6xb CVE-2023-5540 GHSA-w8x2-w4qr-v3x4
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-71dn-fkh5-k7hn CVE-2023-5541 GHSA-28gc-4qq5-8q26
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Improper Access Control vulnerability
PKSA-d458-bwfk-smkv CVE-2023-5542 GHSA-8mm2-m2gp-c6x2
Affected version: <4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-mc6m-hdgk-qpkp CVE-2023-5546 GHSA-9724-h8p7-r3jv
Affected version: <4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle vulnerable to Cross-site Scripting
PKSA-1tyr-r2xr-8vx6 CVE-2023-35131 GHSA-fwfj-8p36-rc64
Affected version: <3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
[MEDIUM] Moodle vulnerable to SQL Injection
PKSA-dhd3-j88c-2sy9 CVE-2023-35132 GHSA-49mv-vfcp-8gg9
Affected version: <3.9.22|>=3.10.0,<3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
[HIGH] Moodle vulnerable to Server Side Request Forgery
PKSA-59yt-9rbk-gvyv CVE-2023-35133 GHSA-xxp4-mf4h-6cwm
Affected version: <3.9.22|>=3.10.0,<3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
[MEDIUM] Moodle vulnerable to stored Cross-site Scripting
PKSA-rn3d-zrrq-myhz CVE-2021-27131 GHSA-w2pm-fr62-jgv4
Affected version: <=3.10.1
Reported by: GitHub
[MEDIUM] Moodle External Control of File Name or Path vulnerability
PKSA-tkmd-sfy5-9ntm CVE-2023-30943 GHSA-22gj-8qj2-fj46
Affected version: <4.2.0-rc2
Reported by: GitHub
[HIGH] Moodle SQL Injection vulnerability
PKSA-vvyj-pzxn-byrt CVE-2023-30944 GHSA-7mmc-22g7-3xq2
Affected version: <4.2.0-rc2
Reported by: GitHub
[MEDIUM] Moodle may allow students to bypass sequential navigation during a quiz attempt
PKSA-s41w-d8tm-rcvv CVE-2022-40208 GHSA-948f-j464-rfj2
Affected version: <3.9.16|>=3.11.0,<3.11.9|>=4.0.0,<4.0.3
Reported by: GitHub
[MEDIUM] Moodle may display roles to users who don't have access to them
PKSA-mxtf-x1wg-7bp2 CVE-2023-1402 GHSA-vj5p-fp42-774p
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[HIGH] Moodle SQL Injection vulnerability
PKSA-rp95-37zp-mm24 CVE-2023-28329 GHSA-72w2-j52c-7682
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle arbitrary file read vulnerability
PKSA-mc13-1wkx-jq4t CVE-2023-28330 GHSA-56r9-72vx-q989
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle vulnerable to Cross-site Scripting
PKSA-bxtb-x3pj-rjq1 CVE-2023-28331 GHSA-77jm-f3vj-xvx2
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
PKSA-7jf2-xyg3-8k5b CVE-2023-28332 GHSA-9f45-9qrw-pp4v
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[CRITICAL] Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
PKSA-55x8-drvs-2svz CVE-2023-28333 GHSA-q2x3-2f9g-h559
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle may allow authenticated users to enumerate other users' names via learning plans page
PKSA-g5h3-zwb4-389q CVE-2023-28334 GHSA-hh52-g5c4-wprh
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle may allow teachers to access the names of users they could not otherwise access
PKSA-fyrz-rtnj-32jm CVE-2023-28336 GHSA-prjm-2fj2-787f
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle has Incorrect Default Permissions
PKSA-p97s-2nyv-wn21 CVE-2021-36397 GHSA-2wmj-8mqg-r9q8
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-dvwm-fjsh-f11d CVE-2021-36399 GHSA-79jp-m64f-pgrc
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle has Incorrect Default Permissions
PKSA-d6ng-xnwt-yqc8 CVE-2021-36400 GHSA-35wf-3wq2-r3hx
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle vulnerable to Stored Cross-site Scripting
PKSA-6thw-4qmq-h8nv CVE-2021-36401 GHSA-g6h6-4fp6-w33w
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle Improper Input Validation vulnerability
PKSA-rsfn-3wg6-9b49 CVE-2021-36402 GHSA-gv8f-43pg-c5qw
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle has a Hidden Functionality vulnerability
PKSA-9gf2-4rwz-pbz6 CVE-2021-36403 GHSA-j9cw-5cpj-9qj5
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[CRITICAL] Moodle SQL Injection vulnerability
PKSA-fvzz-7jy5-jqd2 CVE-2021-36392 GHSA-qc86-vgf2-6fq6
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[CRITICAL] Moodle SQL Injection vulnerability
PKSA-4hr3-sj2q-bthv CVE-2021-36393 GHSA-f46j-r7q3-6cm2
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[HIGH] Moodle Session Fixation vulnerability
PKSA-p137-z8ts-57qr CVE-2021-36394 GHSA-2563-fp9c-mgm8
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[HIGH] Moodle vulnerable to Uncontrolled Resource Consumption
PKSA-gr2v-z4dh-7y8z CVE-2021-36395 GHSA-273w-7fxj-pcp6
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[HIGH] Moodle vulnerable to Server-Side Request Forgery
PKSA-wqjn-7ff5-5vg5 CVE-2021-36396 GHSA-4rmj-w58m-fvch
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-j8km-3bqv-4yq3 CVE-2023-23921 GHSA-97qf-pq7x-964m
Affected version: >=4.1.0-beta,<4.1.1|>=4.0.0-beta,<4.0.6|>=3.10.0,<3.11.12|<3.9.19
Reported by: GitHub
[HIGH] Moodle Improper Access Control vulnerability
PKSA-9ggk-wqx1-s523 CVE-2023-23923 GHSA-32jc-9p58-p82x
Affected version: >=4.1.0-beta,<4.1.1|>=4.0.0-beta,<4.0.6|>=3.10.0,<3.11.12|<3.9.19
Reported by: GitHub
[CRITICAL] Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
PKSA-vvcc-hpr9-hc68 CVE-2022-45152 GHSA-xqcf-vgqc-pcmg
Affected version: >=4.0,<4.0.5|>=3.11,<3.11.11|>=3.9,<3.9.18
Reported by: GitHub
[MEDIUM] Cross-Site Request Forgery in Moodle
PKSA-t78j-bk86-n5wb CVE-2022-45149 GHSA-8v23-w4w5-w83c
Affected version: >=4.0.0,<4.0.5|>=3.11.0,<3.11.11|>=3.9.0,<3.9.18
Reported by: GitHub
[MEDIUM] Moodle reflected cross-site scripting vulnerability in policy tool
PKSA-s5y4-r7wb-bznw CVE-2022-45150 GHSA-6gx2-g773-hv9h
Affected version: >=4.0,<4.0.5|>=3.11,<3.11.11|>=3.9,<3.9.18
Reported by: GitHub
[HIGH] Moodle Stored Cross-site Scripting and page denial of service
PKSA-dhgp-ry9y-b8gx CVE-2022-40313 GHSA-jqgr-gh62-jf53
Affected version: >=4.0,<4.0.4|>=3.11,<3.11.10|>=3.9,<3.9.17
Reported by: GitHub
[CRITICAL] Moodle remote code execution
PKSA-gn18-mdrw-79m2 CVE-2022-40314 GHSA-2hmm-q272-xmhf
Affected version: >=4.0,<4.0.4|>=3.11,<3.11.10|<3.9.17
Reported by: GitHub
[CRITICAL] Moodle Minor SQL injection risk in admin user browsing
PKSA-rm4m-8bfs-9w2b CVE-2022-40315 GHSA-mqw9-3cjm-xwp3
Affected version: >=4.0,<4.0.4|>=3.11,<3.11.10|>=3.9,<3.9.17
Reported by: GitHub
[MEDIUM] Moodle No groups filtering in H5P activity attempts report
PKSA-kj1m-bcy5-qfsx CVE-2022-40316 GHSA-385f-vgq7-8hhx
Affected version: >=4.0,<4.0.4|>=3.11,<3.11.10|>=3.9,<3.9.17
Reported by: GitHub
[MEDIUM] Moodle Improper Authentication
PKSA-bnxz-xrnv-wrwf CVE-2021-40691 GHSA-92vh-mr2w-j2cr
Affected version: >=3.11,<3.11.3|>=3.10,<3.10.7|>=3.9,<3.9.10
Reported by: GitHub
[MEDIUM] Moodle Incorrect Authorization
PKSA-nf4m-wjx1-qh5g CVE-2021-40692 GHSA-wr6q-xv23-rfq9
Affected version: >=3.9,<3.9.10|>=3.10,<3.10.7|>=3.11,<3.11.3
Reported by: GitHub
[MEDIUM] Moodle type juggling vulnerability
PKSA-qj4q-4qg2-xdz3 CVE-2021-40693 GHSA-2jxg-mv2m-j4r7
Affected version: >=3.11,<3.11.3|>=3.10,<3.10.7|>=3.9,<3.9.10
Reported by: GitHub
[MEDIUM] Moodle Improper Encoding or Escaping of Output
PKSA-r71d-sf7c-v712 CVE-2021-40694 GHSA-m37g-mwcg-7j7v
Affected version: >=3.11,<3.11.3|>=3.10,<3.10.7|>=3.9,<3.9.10
Reported by: GitHub
[MEDIUM] Moodle Exposure of Sensitive Information to an Unauthorized Actor
PKSA-5bkd-z2dx-gt97 CVE-2021-40695 GHSA-gp4w-f57r-9rx3
Affected version: >=3.9,<3.9.10|>=3.10,<3.10.7|>=3.11,<3.11.3
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-svbd-jdv9-tzjd CVE-2021-36568 GHSA-fm6m-fg23-67jq
Affected version: >=3.11.0,<3.11.10|>=3.10.0,<=3.10.4|<=3.9.7
Reported by: GitHub
[MEDIUM] Moodle LTI module reflected XSS risk
PKSA-yss7-nkq1-3d91 CVE-2022-35653 GHSA-62wh-m4jr-233r
Affected version: >=3.9,<3.9.15|>=3.11,<3.11.8|>=4.0,<4.0.2
Reported by: GitHub
[CRITICAL] Moodle PostScript Code Injection
PKSA-wty4-thjm-zbkj CVE-2022-35649 GHSA-xp2f-9mx3-3c6p
Affected version: >=4.0,<4.0.2|>=3.11,<3.11.8|>=3.9,<3.9.15
Reported by: GitHub
[HIGH] Moodle Arbitrary file read when importing lesson questions
PKSA-2hzh-ymx1-3184 CVE-2022-35650 GHSA-pgm5-cr62-prxq
Affected version: >=4.0,<4.0.2|>=3.11,<3.11.8|>=3.9,<3.9.15
Reported by: GitHub
[MEDIUM] Moodle Stored XSS and blind SSRF possible via SCORM track details
PKSA-bw77-6cg9-n3ns CVE-2022-35651 GHSA-wwv7-h477-wrv7
Affected version: >=4.0,<4.0.2|>=3.11,<3.11.8|>=3.9,<3.9.15
Reported by: GitHub
[MEDIUM] Moodle Open redirect risk in mobile auto-login feature
PKSA-y5bx-vvy6-9d79 CVE-2022-35652 GHSA-243v-5pff-qqfj
Affected version: >=3.9,<3.9.15|>=3.11,<3.11.8|>=4.0,<4.0.2
Reported by: GitHub
[HIGH] Moodle contains CSRF vulnerability
PKSA-wk49-jvzs-n8zp CVE-2021-43559 GHSA-3jrj-x6cj-97cp
Affected version: >=3.9,<=3.9.10|>=3.10,<=3.10.7|>=3.11,<=3.11.3
Reported by: GitHub
[MEDIUM] Moodle Insecure direct object reference (IDOR) in a calendar web service
PKSA-gwvt-tz7x-r28h CVE-2021-43560 GHSA-g39c-mccf-rxjv
Affected version: >=3.11,<3.11.4|>=3.10,<3.10.8|>=3.9,<3.9.11
Reported by: GitHub
[MEDIUM] Moodle contains Stored XSS via ID number user profile field
PKSA-8n9f-d741-px4n CVE-2021-20279 GHSA-h7h6-fwpv-ggvx
Affected version: >=3.5,<=3.5.16|>=3.8,<=3.8.7|>=3.9,<=3.9.4|>=3.10,<=3.10.1
Reported by: GitHub
[MEDIUM] Moodle Bypass email verification secret when confirming account registration
PKSA-jnjs-71mv-mwzy CVE-2021-20282 GHSA-grj4-g57c-9xmv
Affected version: >=3.10,<3.10.2|>=3.9,<3.9.5|>=3.8,<3.8.8|>=3.5,<3.5.17
Reported by: GitHub
[MEDIUM] Missing permission check in Moodle
PKSA-m6dd-wy5n-1jcz CVE-2021-20283 GHSA-2m72-m5cw-3g9h
Affected version: <3.5.17|>=3.8.0,<3.8.8|>=3.9.0,<3.9.5|>=3.10.0,<3.10.2
Reported by: GitHub
[MEDIUM] Moodle Grade information disclosure in grade's external fetch functions
PKSA-wrs3-rn1k-6ysb CVE-2021-20184 GHSA-mm73-86f9-5x5c
Affected version: >=3.10,<3.10.1|>=3.9,<3.9.4|>=3.8,<3.8.7
Reported by: GitHub
[MEDIUM] Moodle Client side denial of service via personal message
PKSA-d6bj-st5z-p3gv CVE-2021-20185 GHSA-c3j6-33r4-89q3
Affected version: >=3.10,<3.10.1|>=3.9,<3.9.4|>=3.8,<3.8.7|>=3.5,<3.5.16
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting
PKSA-31z4-kxmt-xp13 CVE-2021-20186 GHSA-h8m4-h385-qhqv
Affected version: >=3.5,<3.5.16|>=3.8,<3.8.7|>=3.9,<3.9.4|>=3.10,<3.10.1
Reported by: GitHub
[HIGH] Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
PKSA-czrr-wk83-tjhd CVE-2021-20187 GHSA-2jrm-gww7-wch2
Affected version: >=3.10,<3.10.1|>=3.9,<3.9.4|>=3.8,<3.8.7|>=3.5,<3.5.16
Reported by: GitHub
[MEDIUM] Moodle stored Cross-site Scripting (XSS)
PKSA-y2d7-pbhp-w23h CVE-2020-25627 GHSA-mgfp-qcf2-pw3m
Affected version: >=3.9,<3.9.2
Reported by: GitHub
[HIGH] Moodle incorrect access control
PKSA-7c19-51gr-w7s6 CVE-2020-25629 GHSA-f5r8-7h4f-jr9x
Affected version: >=3.5,<=3.5.13|>=3.7,<=3.7.7|>=3.8,<=3.8.4|>=3.9,<=3.9.1
Reported by: GitHub
[HIGH] Moodle Denial of Service
PKSA-8grx-3y34-4hqr CVE-2020-25630 GHSA-66xp-28cq-mrf2
Affected version: >=3.5,<3.5.14|>=3.7,<3.7.8|>=3.8,<3.8.5|>=3.9,<3.9.2
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting (XSS)
PKSA-sgb8-g9gb-tjf1 CVE-2020-25631 GHSA-4w4j-9533-82qg
Affected version: >=3.7,<3.7.8|>=3.8,<3.8.5|>=3.9,<3.9.2
Reported by: GitHub
[MEDIUM] Exposure of Sensitive Information in moodle
PKSA-yv8d-6896-kwd1 CVE-2022-30598 GHSA-fj6p-g234-rrv3
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
[CRITICAL] Incorrect Calculation in moodle
PKSA-6vy4-xp1h-g5xx CVE-2022-30600 GHSA-w37f-pvvx-wcwm
Affected version: >=3.11,<3.11.7|>=3.10,<3.10.11|>=3.9,<3.9.14|>=4.0,<4.0.1
Reported by: GitHub
[MEDIUM] Cross-site Scripting in moodle
PKSA-t41x-1pbm-pq6j CVE-2022-30596 GHSA-wvh5-78h5-gmgr
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
[MEDIUM] External Control of Assumed-Immutable Web Parameter in moodle
PKSA-8gg4-921q-8s9n CVE-2022-30597 GHSA-x6gm-qqwp-76gr
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
[CRITICAL] SQL injection in moodle
PKSA-kbfy-hrnp-4yty CVE-2022-30599 GHSA-69c3-5xxf-58q2
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
[MEDIUM] Improper Authentication in moodle
PKSA-pjh1-h464-6bwp CVE-2022-0985 GHSA-6q9g-3vfq-q2qj
Affected version: >=3.9,<3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by: GitHub
[MEDIUM] Missing authorization in Moodle
PKSA-wnz7-3jhx-ydz3 CVE-2022-0984 GHSA-c5hf-mc85-2hx4
Affected version: <3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by: GitHub
[HIGH] SQL Injection in Moodle
PKSA-3tp5-6sqk-x25n CVE-2022-0983 GHSA-h2fw-93qx-vrcq
Affected version: <3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by: GitHub
[MEDIUM] Moodle stored Cross-site Scripting
PKSA-hfs3-3b1m-7tfs CVE-2021-32475 GHSA-5wjh-v7c8-wrhx
Affected version: >=3.10,<3.10.4|>=3.9,<3.9.7|>=3.8,<3.8.9|>=3.5,<3.5.18
Reported by: GitHub
[HIGH] Moodle denial-of-service risk in the draft files area
PKSA-qqmk-nzz9-zdbh CVE-2021-32476 GHSA-4qxc-qxrp-33cw
Affected version: >=3.5.17,<3.5.18|>=3.8,<3.8.9|>=3.9,<3.9.7|>=3.10,<3.10.4
Reported by: GitHub
[MEDIUM] Moodle Exposure of Sensitive Information to an Unauthorized Actor
PKSA-1tf5-r7vk-wws8 CVE-2021-32472 GHSA-454r-jccq-96q8
Affected version: >=3.10.0,<3.10.4|>=3.9.0,<3.9.7|>=3.8.0,<3.8.9
Reported by: GitHub
[MEDIUM] Moodle Information Disclosure vulnerability
PKSA-4pts-cqhb-rsvr CVE-2021-32473 GHSA-wx87-h539-4775
Affected version: >=3.10,<3.10.4|>=3.9,<3.9.7|>=3.8,<3.8.9|>=3.5,<3.5.18
Reported by: GitHub
[HIGH] Moodle Blind SQL injection possible via MNet authentication
PKSA-hbq8-nyn2-ssf4 CVE-2021-32474 GHSA-rvmc-8gmg-ggqr
Affected version: >=3.5,<3.5.18|>=3.8,<3.8.9|>=3.9,<3.9.7|>=3.10,<3.10.4
Reported by: GitHub
[MEDIUM] Moodle reflected XSS
PKSA-tqnf-kvrx-jqnz CVE-2021-32478 GHSA-78fm-qhh8-8858
Affected version: >=3.8,<=3.8.8|>=3.9,<=3.9.6|>=3.10,<=3.10.3
Reported by: GitHub
[LOW] Insufficient user authorization in Moodle
PKSA-9zbz-v465-kgkg CVE-2022-0333 GHSA-m434-m5pv-p35w
Affected version: >=3.9,<3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by: GitHub
[MEDIUM] Insufficient user authorization in Moodle
PKSA-bnvf-vkcb-sdkk CVE-2022-0334 GHSA-93pj-4p65-qmr9
Affected version: <3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by: GitHub
[HIGH] Cross Site Request Forgery in Moodle
PKSA-5jbg-f5mn-rr6y CVE-2022-0335 GHSA-xpfv-89vg-r562
Affected version: >=3.9,<3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by: GitHub
[CRITICAL] Moodle vulnerable to RCE via unsafe deserialization
PKSA-25fk-g12d-tpq4 CVE-2021-3943 GHSA-8jhp-2gcr-qw96
Affected version: >=3.9,<=3.9.10|>=3.10,<=3.10.7|>=3.11,<=3.11.3
Reported by: GitHub
[MEDIUM] Cross-site Scripting in moodle
PKSA-3z9j-mn6z-3fqz CVE-2021-43558 GHSA-wpfp-q843-v772
Affected version: >=3.9.0,<3.9.11|>=3.10.0,<3.10.8|>=3.11.0,<3.11.4
Reported by: GitHub
[MEDIUM] Exposure of Sensitive Information to an Unauthorized Actor in Moodle
PKSA-1982-gdwp-4gm4 CVE-2020-25703 GHSA-c7v4-m269-4995
Affected version: >=3.10.0-beta,<3.10.0|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by: GitHub
[MEDIUM] Moodle allowed some users without permission to view other users' full names
PKSA-tnmv-jjt6-h4ky CVE-2021-20281 GHSA-93wh-35r4-6qmw
Affected version: >=3.5,<3.5.17|>=3.8.0,<3.8.8|>=3.9.0,<3.9.5|>=3.10.0,<3.10.2
Reported by: GitHub
[MEDIUM] Cross-site scripting (XSS) in moodle
PKSA-vh6q-bcyd-68gs CVE-2020-25628 GHSA-5x33-h32w-6vr2
Affected version: >=3.5,<3.5.14|>=3.7.0,<3.7.8|>=3.8.0,<3.8.5|>=3.9.0,<3.9.2
Reported by: GitHub
[MEDIUM] Cross-site Scripting (XSS) in moodle
PKSA-g8b1-hdp7-w1sp CVE-2020-25702 GHSA-pgcp-m69h-p2gr
Affected version: >=3.9.0,<3.9.3
Reported by: GitHub
[HIGH] Privilege Escalation in moodle
PKSA-9c8q-s2rm-8gsf CVE-2020-25699 GHSA-h77r-rp97-7rv4
Affected version: >=3.5,<3.5.15|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by: GitHub
[MEDIUM] Privilege Escalation in moodle
PKSA-vsf8-3sc8-km59 CVE-2020-25701 GHSA-c9hq-g4q8-w893
Affected version: >=3.5,<3.5.15|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by: GitHub
[HIGH] Improper Access Control in moodle
PKSA-yy28-4517-tj4d CVE-2020-25698 GHSA-vxhx-gmhm-623c
Affected version: >=3.5,<3.5.15|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by: GitHub
[MEDIUM] SQL Injection in moodle
PKSA-pwpb-wrfj-8scj CVE-2020-25700 GHSA-7h8v-2v8x-h264
Affected version: >=3.5.0,<3.5.15|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by: GitHub
[MEDIUM] Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
PKSA-3ch1-bgkj-pfgm CVE-2021-20280 GHSA-x2jp-hh65-4xvf
Affected version: >=3.5,<3.5.17|>=3.8,<3.8.8|>=3.9,<3.9.5|>=3.10,<3.10.2
Reported by: GitHub