moodle/moodle Security Advisories for v4.0.11 (31)
-
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-kkys-npvt-jjkp CVE-2024-34002 GHSA-mm9p-xwfm-3fqf
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-yhpg-hcpg-vd71 CVE-2024-34003 GHSA-jg4f-8w9x-jv35
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-ypnv-pv4y-khkt CVE-2024-34004 GHSA-q3cm-ccrm-2mr6
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-7g9b-96vb-f88b CVE-2024-34005 GHSA-r99q-hmqv-xw8w
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Unsanitized HTML in site log for config_log_created
PKSA-81r7-dyqg-4q32 CVE-2024-34006 GHSA-vvh5-7v3m-j3mj
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle CSRF risk in analytics management of models
PKSA-1bk8-gsry-b156 CVE-2024-34008 GHSA-68x5-4jg5-gjgg
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle CSRF risk in admin preset tool management of presets
PKSA-smf8-81d7-1g8y CVE-2024-34001 GHSA-gq9f-8rj4-w7jc
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting (XSS)
PKSA-44sz-9c8d-byh6 CVE-2024-34000 GHSA-8qwh-4vwv-7c5m
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle broken access control when setting calendar event type
PKSA-xxjw-syx2-dc4w CVE-2024-33996 GHSA-4qww-rxq6-x7gf
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle stored Cross-site Scripting (XSS)
PKSA-psg4-6cnq-2vpv CVE-2024-33997 GHSA-9qgq-93c7-9hm4
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting (XSS)
PKSA-1vcw-7pbp-4hc4 CVE-2024-33998 GHSA-xqhh-253w-4q5f
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Moodle Chat
PKSA-dkf4-gr8b-q7z7 CVE-2024-28593 GHSA-f6mh-79vh-2hv7
Affected version: <=4.3.3
Reported by:
GitHub -
[HIGH] Uncontrolled Resource Consumption in moodle
PKSA-cnq3-npb7-81gr CVE-2024-25978 GHSA-487g-3m3v-hjhq
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Improper Handling of Parameters in moodle
PKSA-8zq5-86tq-npgn CVE-2024-25979 GHSA-6vjf-48fh-vxxj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Improper Access Control in moodle
PKSA-q882-vvk2-55y5 CVE-2024-25980 GHSA-cp8m-h777-g4p3
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Improper Access Control in moodle
PKSA-1rtr-36p9-m5t2 CVE-2024-25981 GHSA-jfrg-9hpq-9hvp
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery in moodle
PKSA-ywdp-r6kr-8xch CVE-2024-25982 GHSA-7pjp-fm93-p6pj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[LOW] Authorization Bypass in moodle
PKSA-yn3d-by8g-nzfj CVE-2024-25983 GHSA-9r26-5w88-qhp9
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Moodle Improper Access Control vulnerability
PKSA-57rb-5xt6-dhwq CVE-2024-1439 GHSA-5p2x-8427-9fgp
Affected version: <=4.2.0
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-nw4f-rh34-rrdv CVE-2023-5544 GHSA-j5xf-gv89-g422
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[LOW] Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
PKSA-qmp2-c2q6-ys9x CVE-2023-5545 GHSA-26fg-v32r-h663
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-hc6s-n6ty-9y9s CVE-2023-5547 GHSA-9gqp-3g28-w9xc
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[LOW] Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
PKSA-7z8c-xy4p-1ctc CVE-2023-5548 GHSA-cwh2-q44x-5w3c
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[LOW] Moodle Improper Access Control vulnerability
PKSA-hfk2-p537-bfvp CVE-2023-5549 GHSA-fm5h-58g2-4m3f
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Code Injection vulnerability
PKSA-fmy8-x52s-r4tc CVE-2023-5539 GHSA-3xxm-3g3c-w579
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Code Injection vulnerability
PKSA-9gb6-31c6-p6xb CVE-2023-5540 GHSA-w8x2-w4qr-v3x4
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-71dn-fkh5-k7hn CVE-2023-5541 GHSA-28gc-4qq5-8q26
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[LOW] Moodle Improper Access Control vulnerability
PKSA-d458-bwfk-smkv CVE-2023-5542 GHSA-8mm2-m2gp-c6x2
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-mc6m-hdgk-qpkp CVE-2023-5546 GHSA-9724-h8p7-r3jv
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle External Control of File Name or Path vulnerability
PKSA-tkmd-sfy5-9ntm CVE-2023-30943 GHSA-22gj-8qj2-fj46
Affected version: <4.2.0-rc2
Reported by:
GitHub -
[HIGH] Moodle SQL Injection vulnerability
PKSA-vvyj-pzxn-byrt CVE-2023-30944 GHSA-7mmc-22g7-3xq2
Affected version: <4.2.0-rc2
Reported by:
GitHub