moodle/moodle Security Advisories (318)
[MEDIUM] Cross-site Scripting in Moodle Chat
PKSA-dkf4-gr8b-q7z7 CVE-2024-28593 GHSA-f6mh-79vh-2hv7
Affected version: <=4.3.3
Reported by: GitHub
[HIGH] Uncontrolled Resource Consumption in moodle
PKSA-cnq3-npb7-81gr CVE-2024-25978 GHSA-487g-3m3v-hjhq
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Improper Handling of Parameters in moodle
PKSA-8zq5-86tq-npgn CVE-2024-25979 GHSA-6vjf-48fh-vxxj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Improper Access Control in moodle
PKSA-q882-vvk2-55y5 CVE-2024-25980 GHSA-cp8m-h777-g4p3
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Improper Access Control in moodle
PKSA-1rtr-36p9-m5t2 CVE-2024-25981 GHSA-jfrg-9hpq-9hvp
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Cross-Site Request Forgery in moodle
PKSA-ywdp-r6kr-8xch CVE-2024-25982 GHSA-7pjp-fm93-p6pj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[LOW] Authorization Bypass in moodle
PKSA-yn3d-by8g-nzfj CVE-2024-25983 GHSA-9r26-5w88-qhp9
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by: GitHub
[MEDIUM] Moodle Improper Access Control vulnerability
PKSA-57rb-5xt6-dhwq CVE-2024-1439 GHSA-5p2x-8427-9fgp
Affected version: <=4.2.0
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-nw4f-rh34-rrdv CVE-2023-5544 GHSA-j5xf-gv89-g422
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
PKSA-qmp2-c2q6-ys9x CVE-2023-5545 GHSA-26fg-v32r-h663
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-hc6s-n6ty-9y9s CVE-2023-5547 GHSA-9gqp-3g28-w9xc
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
PKSA-7z8c-xy4p-1ctc CVE-2023-5548 GHSA-cwh2-q44x-5w3c
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Improper Access Control vulnerability
PKSA-hfk2-p537-bfvp CVE-2023-5549 GHSA-fm5h-58g2-4m3f
Affected version: <4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle Code Injection vulnerability
PKSA-4qqg-7p6g-qrrf CVE-2023-5550 GHSA-5cvx-cwpx-9rjh
Affected version: <3.9.24|>=3.10.0,<3.11.17|>=4.0.0,<4.0.11|>=4.1.0,<4.1.6|>=4.2.0,<4.2.3|>=4.3.0-beta,<4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
PKSA-6cjp-j4yt-m8jy CVE-2023-5551 GHSA-jr83-8x65-xcr5
Affected version: <3.9.24|>=3.10.0,<3.11.17|>=4.0.0,<4.0.11|>=4.1.0,<4.1.6|>=4.2.0,<4.2.3|>=4.3.0-beta,<4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle Code Injection vulnerability
PKSA-fmy8-x52s-r4tc CVE-2023-5539 GHSA-3xxm-3g3c-w579
Affected version: <4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle Code Injection vulnerability
PKSA-9gb6-31c6-p6xb CVE-2023-5540 GHSA-w8x2-w4qr-v3x4
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-71dn-fkh5-k7hn CVE-2023-5541 GHSA-28gc-4qq5-8q26
Affected version: <4.3.0-rc2
Reported by: GitHub
[LOW] Moodle Improper Access Control vulnerability
PKSA-d458-bwfk-smkv CVE-2023-5542 GHSA-8mm2-m2gp-c6x2
Affected version: <4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-mc6m-hdgk-qpkp CVE-2023-5546 GHSA-9724-h8p7-r3jv
Affected version: <4.3.0-rc2
Reported by: GitHub
[MEDIUM] Moodle vulnerable to Cross-site Scripting
PKSA-1tyr-r2xr-8vx6 CVE-2023-35131 GHSA-fwfj-8p36-rc64
Affected version: <3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
[MEDIUM] Moodle vulnerable to SQL Injection
PKSA-dhd3-j88c-2sy9 CVE-2023-35132 GHSA-49mv-vfcp-8gg9
Affected version: <3.9.22|>=3.10.0,<3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
[HIGH] Moodle vulnerable to Server Side Request Forgery
PKSA-59yt-9rbk-gvyv CVE-2023-35133 GHSA-xxp4-mf4h-6cwm
Affected version: <3.9.22|>=3.10.0,<3.11.15|>=4.0.0,<4.0.9|>=4.1.0,<4.1.4|=4.2.0
Reported by: GitHub
[MEDIUM] Moodle vulnerable to stored Cross-site Scripting
PKSA-rn3d-zrrq-myhz CVE-2021-27131 GHSA-w2pm-fr62-jgv4
Affected version: <=3.10.1
Reported by: GitHub
[MEDIUM] Moodle External Control of File Name or Path vulnerability
PKSA-tkmd-sfy5-9ntm CVE-2023-30943 GHSA-22gj-8qj2-fj46
Affected version: <4.2.0-rc2
Reported by: GitHub
[HIGH] Moodle SQL Injection vulnerability
PKSA-vvyj-pzxn-byrt CVE-2023-30944 GHSA-7mmc-22g7-3xq2
Affected version: <4.2.0-rc2
Reported by: GitHub
[MEDIUM] Moodle may allow students to bypass sequential navigation during a quiz attempt
PKSA-s41w-d8tm-rcvv CVE-2022-40208 GHSA-948f-j464-rfj2
Affected version: <3.9.16|>=3.11.0,<3.11.9|>=4.0.0,<4.0.3
Reported by: GitHub
[MEDIUM] Moodle may display roles to users who don't have access to them
PKSA-mxtf-x1wg-7bp2 CVE-2023-1402 GHSA-vj5p-fp42-774p
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[HIGH] Moodle SQL Injection vulnerability
PKSA-rp95-37zp-mm24 CVE-2023-28329 GHSA-72w2-j52c-7682
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle arbitrary file read vulnerability
PKSA-mc13-1wkx-jq4t CVE-2023-28330 GHSA-56r9-72vx-q989
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle vulnerable to Cross-site Scripting
PKSA-bxtb-x3pj-rjq1 CVE-2023-28331 GHSA-77jm-f3vj-xvx2
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
PKSA-7jf2-xyg3-8k5b CVE-2023-28332 GHSA-9f45-9qrw-pp4v
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[CRITICAL] Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
PKSA-55x8-drvs-2svz CVE-2023-28333 GHSA-q2x3-2f9g-h559
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle may allow authenticated users to enumerate other user's names via learning plans page
PKSA-g5h3-zwb4-389q CVE-2023-28334 GHSA-hh52-g5c4-wprh
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[HIGH] Moodle vulnerable to Cross-site Request Forgery
PKSA-pcmh-ddgf-kp7b CVE-2023-28335 GHSA-wxmq-v9gx-75pg
Affected version: >=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle may allow teachers to access the names of users they could not otherwise access
PKSA-fyrz-rtnj-32jm CVE-2023-28336 GHSA-prjm-2fj2-787f
Affected version: <3.9.20|>=3.11.0,<3.11.13|>=4.0.0,<4.0.7|>=4.1.0,<4.1.2
Reported by: GitHub
[MEDIUM] Moodle has Incorrect Default Permissions
PKSA-p97s-2nyv-wn21 CVE-2021-36397 GHSA-2wmj-8mqg-r9q8
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-f1px-rfmw-j97k CVE-2021-36398 GHSA-786g-xv8v-9h93
Affected version: =3.11
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-dvwm-fjsh-f11d CVE-2021-36399 GHSA-79jp-m64f-pgrc
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle has Incorrect Default Permissions
PKSA-d6ng-xnwt-yqc8 CVE-2021-36400 GHSA-35wf-3wq2-r3hx
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle vulnerable to Stored Cross-site Scripting
PKSA-6thw-4qmq-h8nv CVE-2021-36401 GHSA-g6h6-4fp6-w33w
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle Improper Input Validation vulnerability
PKSA-rsfn-3wg6-9b49 CVE-2021-36402 GHSA-gv8f-43pg-c5qw
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle has a Hidden Functionality vulnerability
PKSA-9gf2-4rwz-pbz6 CVE-2021-36403 GHSA-j9cw-5cpj-9qj5
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[CRITICAL] Moodle SQL Injection vulnerability
PKSA-fvzz-7jy5-jqd2 CVE-2021-36392 GHSA-qc86-vgf2-6fq6
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[CRITICAL] Moodle SQL Injection vulnerability
PKSA-4hr3-sj2q-bthv CVE-2021-36393 GHSA-f46j-r7q3-6cm2
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[HIGH] Moodle Session Fixation vulnerability
PKSA-p137-z8ts-57qr CVE-2021-36394 GHSA-2563-fp9c-mgm8
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[HIGH] Moodle vulnerable to Uncontrolled Resource Consumption
PKSA-gr2v-z4dh-7y8z CVE-2021-36395 GHSA-273w-7fxj-pcp6
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[HIGH] Moodle vulnerable to Server-Side Request Forgery
PKSA-wqjn-7ff5-5vg5 CVE-2021-36396 GHSA-4rmj-w58m-fvch
Affected version: <3.9.8|>=3.10.0-beta,<3.10.5|>=3.11.0-beta,<3.11.1
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-j8km-3bqv-4yq3 CVE-2023-23921 GHSA-97qf-pq7x-964m
Affected version: >=4.1.0-beta,<4.1.1|>=4.0.0-beta,<4.0.6|>=3.10.0,<3.11.12|<3.9.19
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-h963-hhjr-6jq3 CVE-2023-23922 GHSA-grmj-gpwm-98ww
Affected version: >=4.1.0-beta,<4.1.1|>=4.0.0-beta,<4.0.6
Reported by: GitHub
[HIGH] Moodle Improper Access Control vulnerability
PKSA-9ggk-wqx1-s523 CVE-2023-23923 GHSA-32jc-9p58-p82x
Affected version: >=4.1.0-beta,<4.1.1|>=4.0.0-beta,<4.0.6|>=3.10.0,<3.11.12|<3.9.19
Reported by: GitHub
[CRITICAL] Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
PKSA-vvcc-hpr9-hc68 CVE-2022-45152 GHSA-xqcf-vgqc-pcmg
Affected version: >=4.0,<4.0.5|>=3.11,<3.11.11|>=3.9,<3.9.18
Reported by: GitHub
[MEDIUM] Cross-Site Request Forgery in Moodle
PKSA-t78j-bk86-n5wb CVE-2022-45149 GHSA-8v23-w4w5-w83c
Affected version: >=4.0.0,<4.0.5|>=3.11.0,<3.11.11|>=3.9.0,<3.9.18
Reported by: GitHub
[MEDIUM] Moodle reflected cross-site scripting vulnerability in policy tool
PKSA-s5y4-r7wb-bznw CVE-2022-45150 GHSA-6gx2-g773-hv9h
Affected version: >=4.0,<4.0.5|>=3.11,<3.11.11|>=3.9,<3.9.18
Reported by: GitHub
[MEDIUM] Moodle stored-XSS vulnerability in some "social" user profile fields
PKSA-252k-gczv-hcwk CVE-2022-45151 GHSA-xv72-6pgh-cjj8
Affected version: >=4.0,<4.0.5|>=3.11,<3.11.11
Reported by: GitHub
[HIGH] Moodle Cross-Site Request Forgery (CSRF)
PKSA-2fn5-6ps8-z2j8 CVE-2022-2986 GHSA-xjr3-fwp9-9g96
Affected version: >=4.0,<4.0.3|>=3.11,<3.11.9
Reported by: GitHub
[HIGH] Moodle Stored Cross-site Scripting and page denial of service
PKSA-dhgp-ry9y-b8gx CVE-2022-40313 GHSA-jqgr-gh62-jf53
Affected version: >=4.0,<4.0.4|>=3.11,<3.11.10|>=3.9,<3.9.17
Reported by: GitHub
[CRITICAL] Moodle remote code execution
PKSA-gn18-mdrw-79m2 CVE-2022-40314 GHSA-2hmm-q272-xmhf
Affected version: >=4.0,<4.0.4|>=3.11,<3.11.10|<3.9.17
Reported by: GitHub
[CRITICAL] Moodle Minor SQL injection risk in admin user browsing
PKSA-rm4m-8bfs-9w2b CVE-2022-40315 GHSA-mqw9-3cjm-xwp3
Affected version: >=4.0,<4.0.4|>=3.11,<3.11.10|>=3.9,<3.9.17
Reported by: GitHub
[MEDIUM] Moodle No groups filtering in H5P activity attempts report
PKSA-kj1m-bcy5-qfsx CVE-2022-40316 GHSA-385f-vgq7-8hhx
Affected version: >=4.0,<4.0.4|>=3.11,<3.11.10|>=3.9,<3.9.17
Reported by: GitHub
[MEDIUM] Moodle Improper Authentication
PKSA-bnxz-xrnv-wrwf CVE-2021-40691 GHSA-92vh-mr2w-j2cr
Affected version: >=3.11,<3.11.3|>=3.10,<3.10.7|>=3.9,<3.9.10
Reported by: GitHub
[MEDIUM] Moodle Incorrect Authorization
PKSA-nf4m-wjx1-qh5g CVE-2021-40692 GHSA-wr6q-xv23-rfq9
Affected version: >=3.9,<3.9.10|>=3.10,<3.10.7|>=3.11,<3.11.3
Reported by: GitHub
[MEDIUM] Moodle type juggling vulnerability
PKSA-qj4q-4qg2-xdz3 CVE-2021-40693 GHSA-2jxg-mv2m-j4r7
Affected version: >=3.11,<3.11.3|>=3.10,<3.10.7|>=3.9,<3.9.10
Reported by: GitHub
[MEDIUM] Moodle Improper Encoding or Escaping of Output
PKSA-r71d-sf7c-v712 CVE-2021-40694 GHSA-m37g-mwcg-7j7v
Affected version: >=3.11,<3.11.3|>=3.10,<3.10.7|>=3.9,<3.9.10
Reported by: GitHub
[MEDIUM] Moodle Exposure of Sensitive Information to an Unauthorized Actor
PKSA-5bkd-z2dx-gt97 CVE-2021-40695 GHSA-gp4w-f57r-9rx3
Affected version: >=3.9,<3.9.10|>=3.10,<3.10.7|>=3.11,<3.11.3
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-svbd-jdv9-tzjd CVE-2021-36568 GHSA-fm6m-fg23-67jq
Affected version: >=3.11.0,<3.11.10|>=3.10.0,<=3.10.4|<=3.9.7
Reported by: GitHub
[MEDIUM] Moodle reflected XSS Vulnerability
PKSA-8csq-fwxd-npxx CVE-2020-14320 GHSA-fcpw-vqh5-6qwj
Affected version: >=3.7,<=3.7.6|>=3.8,<=3.8.3|=3.9
Reported by: GitHub
[MEDIUM] Moodle XSS Vulnerability
PKSA-r72p-st1c-gc1j CVE-2020-1691 GHSA-cwhp-rqfr-8462
Affected version: =3.8
Reported by: GitHub
[CRITICAL] Moodle PostScript Code Injection
PKSA-wty4-thjm-zbkj CVE-2022-35649 GHSA-xp2f-9mx3-3c6p
Affected version: >=4.0,<4.0.2|>=3.11,<3.11.8|>=3.9,<3.9.15
Reported by: GitHub
[HIGH] Moodle Arbitrary file read when importing lesson questions
PKSA-2hzh-ymx1-3184 CVE-2022-35650 GHSA-pgm5-cr62-prxq
Affected version: >=4.0,<4.0.2|>=3.11,<3.11.8|>=3.9,<3.9.15
Reported by: GitHub
[MEDIUM] Moodle Stored XSS and blind SSRF possible via SCORM track details
PKSA-bw77-6cg9-n3ns CVE-2022-35651 GHSA-wwv7-h477-wrv7
Affected version: >=4.0,<4.0.2|>=3.11,<3.11.8|>=3.9,<3.9.15
Reported by: GitHub
[MEDIUM] Moodle Open redirect risk in mobile auto-login feature
PKSA-y5bx-vvy6-9d79 CVE-2022-35652 GHSA-243v-5pff-qqfj
Affected version: >=3.9,<3.9.15|>=3.11,<3.11.8|>=4.0,<4.0.2
Reported by: GitHub
[HIGH] Moodle contains CSRF vulnerability
PKSA-wk49-jvzs-n8zp CVE-2021-43559 GHSA-3jrj-x6cj-97cp
Affected version: >=3.9,<=3.9.10|>=3.10,<=3.10.7|>=3.11,<=3.11.3
Reported by: GitHub
[CRITICAL] Moodle command execution vulnerability exists in the default legacy spellchecker plugin
PKSA-k7nx-24m2-nrw4 CVE-2021-21809 GHSA-c7jj-vfmr-j9mj
Affected version: =3.8.0|=3.11.2|=3.10.0
Reported by: GitHub
[MEDIUM] Moodle Cross Site Scripting (XSS)
PKSA-rwvm-7wjm-x16g CVE-2021-32244 GHSA-g5m5-j48g-fr24
Affected version: =3.10.3
Reported by: GitHub
[MEDIUM] Moodle contains Stored XSS via ID number user profile field
PKSA-8n9f-d741-px4n CVE-2021-20279 GHSA-h7h6-fwpv-ggvx
Affected version: >=3.5,<=3.5.16|>=3.8,<=3.8.7|>=3.9,<=3.9.4|>=3.10,<=3.10.1
Reported by: GitHub
[MEDIUM] Moodle Bypass email verification secret when confirming account registration
PKSA-jnjs-71mv-mwzy CVE-2021-20282 GHSA-grj4-g57c-9xmv
Affected version: >=3.10,<3.10.2|>=3.9,<3.9.5|>=3.8,<3.8.8|>=3.5,<3.5.17
Reported by: GitHub
[MEDIUM] Missing permission check in Moodle
PKSA-m6dd-wy5n-1jcz CVE-2021-20283 GHSA-2m72-m5cw-3g9h
Affected version: <3.5.17|>=3.8.0,<3.8.8|>=3.9.0,<3.9.5|>=3.10.0,<3.10.2
Reported by: GitHub
[MEDIUM] Moodle Vulnerable to Reflected Cross-site Scripting
PKSA-88nn-1j9c-7vz4 CVE-2021-20183 GHSA-xhfx-rm8q-c3xv
Affected version: >=3.10,<4.0.0-beta
Reported by: GitHub
[MEDIUM] Moodle Grade information disclosure in grade's external fetch functions
PKSA-wrs3-rn1k-6ysb CVE-2021-20184 GHSA-mm73-86f9-5x5c
Affected version: >=3.10,<3.10.1|>=3.9,<3.9.4|>=3.8,<3.8.7
Reported by: GitHub
[MEDIUM] Moodle Client side denial of service via personal message
PKSA-d6bj-st5z-p3gv CVE-2021-20185 GHSA-c3j6-33r4-89q3
Affected version: >=3.10,<3.10.1|>=3.9,<3.9.4|>=3.8,<3.8.7|>=3.5,<3.5.16
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting
PKSA-31z4-kxmt-xp13 CVE-2021-20186 GHSA-h8m4-h385-qhqv
Affected version: >=3.5,<3.5.16|>=3.8,<3.8.7|>=3.9,<3.9.4|>=3.10,<3.10.1
Reported by: GitHub
[HIGH] Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
PKSA-czrr-wk83-tjhd CVE-2021-20187 GHSA-2jrm-gww7-wch2
Affected version: >=3.10,<3.10.1|>=3.9,<3.9.4|>=3.8,<3.8.7|>=3.5,<3.5.16
Reported by: GitHub
[MEDIUM] Moodle stored Cross-site Scripting (XSS)
PKSA-y2d7-pbhp-w23h CVE-2020-25627 GHSA-mgfp-qcf2-pw3m
Affected version: >=3.9,<3.9.2
Reported by: GitHub
[HIGH] Moodle incorrect access control
PKSA-7c19-51gr-w7s6 CVE-2020-25629 GHSA-f5r8-7h4f-jr9x
Affected version: >=3.5,<=3.5.13|>=3.7,<=3.7.7|>=3.8,<=3.8.4|>=3.9,<=3.9.1
Reported by: GitHub
[HIGH] Moodle Denial of Service
PKSA-8grx-3y34-4hqr CVE-2020-25630 GHSA-66xp-28cq-mrf2
Affected version: >=3.5,<3.5.14|>=3.7,<3.7.8|>=3.8,<3.8.5|>=3.9,<3.9.2
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting (XSS)
PKSA-sgb8-g9gb-tjf1 CVE-2020-25631 GHSA-4w4j-9533-82qg
Affected version: >=3.7,<3.7.8|>=3.8,<3.8.5|>=3.9,<3.9.2
Reported by: GitHub
[HIGH] Moodle vulnerable to RCE
PKSA-gqk8-dz8g-pshz CVE-2020-10738 GHSA-vr6v-g96p-cjc3
Affected version: >=3.5,<=3.5.11|>=3.6,<=3.6.9|>=3.7,<=3.7.5|>=3.8,<=3.8.2
Reported by: GitHub
[CRITICAL] Moodle Oauth 2 Insufficiently Protects Against Compromise
PKSA-snjn-rks9-5k46 CVE-2019-14880 GHSA-rv62-6f56-j83w
Affected version: >=3.5.0,<3.5.9|>=3.6.0,<3.6.7|>=3.7.0,<3.7.3
Reported by: GitHub
[MEDIUM] Moodle XSS Vulnerability
PKSA-wrk1-ct6r-jbc1 CVE-2019-14881 GHSA-9jf6-wq34-fg9w
Affected version: >=3.7.0,<=3.7.2
Reported by: GitHub
[MEDIUM] Moodle open redirect vulnerability
PKSA-3sjz-bwyc-41b4 CVE-2019-14882 GHSA-m98q-q59p-r9fv
Affected version: >=3.7,<3.7.3|>=3.6,<3.6.7|>=3.5,<3.5.9
Reported by: GitHub
[MEDIUM] Moodle reflected Cross-site Scripting (XSS)
PKSA-j5by-hmbp-7ms6 CVE-2019-14884 GHSA-3xh5-5v5v-mfgm
Affected version: >=3.5,<3.5.9|>=3.6,<3.6.7|>=3.7,<3.7.3
Reported by: GitHub
[MEDIUM] Moodle does not revoke role capabilities correctly
PKSA-tsyk-q1km-44v1 CVE-2019-14879 GHSA-g9m2-c2x5-fr2v
Affected version: >=3.5.0,<3.5.9|>=3.6.0,<3.6.7|>=3.7.0,<3.7.3
Reported by: GitHub
[MEDIUM] moodle Improper Access Control
PKSA-5myr-qbdk-7wg5 CVE-2019-10189 GHSA-h7xp-7fjp-ghhc
Affected version: <3.5.7|>=3.6.0,<3.6.5|>=3.7.0,<3.7.1
Reported by: GitHub
[HIGH] Moodle CSRF Vulnerability
PKSA-8c8v-f6f7-rcww CVE-2019-10186 GHSA-wv9c-pfpm-4wc5
Affected version: >=3.5.0,<=3.5.6|=3.7.0|>=3.6.0,<=3.6.4
Reported by: GitHub
[MEDIUM] Moodle Ability to delete glossary entries that belong to another glossary
PKSA-x8cr-tc36-h78c CVE-2019-10187 GHSA-2mg9-hv69-897x
Affected version: >=3.5,<3.5.7|>=3.6,<3.6.5|>=3.7,<3.7.1
Reported by: GitHub
[MEDIUM] moodle Improper Access Control
PKSA-mrw7-dxd8-j1dz CVE-2019-10188 GHSA-92q5-2h76-vgmj
Affected version: >=3.7.0,<3.7.1|>=3.6.0,<3.6.5|<3.5.7
Reported by: GitHub
[HIGH] Moodle all messaging conversations could be viewed
PKSA-xmp3-2cz3-fv7k CVE-2019-10154 GHSA-ww45-x87c-wgff
Affected version: >=3.6,<3.6.4
Reported by: GitHub
[MEDIUM] Moodle Open Redirect Vulnerability
PKSA-h548-xjzn-44z4 CVE-2019-10133 GHSA-5xp2-rv4h-mm2q
Affected version: <=3.1.17|>=3.4.0,<=3.4.8|>=3.5.0,<=3.5.5|>=3.6.0,<=3.6.3
Reported by: GitHub
[MEDIUM] Moodle Private files uploaded via incoming mail processing could bypass quota restrictions
PKSA-p7k9-nvkn-cn9k CVE-2019-10134 GHSA-j8wr-7xxj-c2fr
Affected version: >=3.1,<3.1.18|>=3.4,<3.4.9|>=3.5,<3.5.6|>=3.6,<3.6.4
Reported by: GitHub
[MEDIUM] Exposure of Sensitive Information in moodle
PKSA-yv8d-6896-kwd1 CVE-2022-30598 GHSA-fj6p-g234-rrv3
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
[CRITICAL] Incorrect Calculation in moodle
PKSA-6vy4-xp1h-g5xx CVE-2022-30600 GHSA-w37f-pvvx-wcwm
Affected version: >=3.11,<3.11.7|>=3.10,<3.10.11|>=3.9,<3.9.14|>=4.0,<4.0.1
Reported by: GitHub
[MEDIUM] Cross-site Scripting in moodle
PKSA-t41x-1pbm-pq6j CVE-2022-30596 GHSA-wvh5-78h5-gmgr
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
[MEDIUM] External Control of Assumed-Immutable Web Parameter in moodle
PKSA-8gg4-921q-8s9n CVE-2022-30597 GHSA-x6gm-qqwp-76gr
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
[CRITICAL] SQL injection in moodle
PKSA-kbfy-hrnp-4yty CVE-2022-30599 GHSA-69c3-5xxf-58q2
Affected version: >=3.9,<3.9.14|>=3.10,<3.10.11|>=3.11,<3.11.7|>=4.0,<4.0.1
Reported by: GitHub
[HIGH] Moodle Unrestricted file upload vulnerability
PKSA-kpgk-j8s9-6ynw CVE-2016-9187 GHSA-58fm-v4pr-jh8p
Affected version: >=2.0.1,<=3.2.1
Reported by: GitHub
[MEDIUM] Moodle XSS Vulnerability
PKSA-qzsz-dwgf-596p CVE-2016-9188 GHSA-7ghm-fp7p-qvjq
Affected version: >=2.0.1,<=3.2.1
Reported by: GitHub
[MEDIUM] Moodle Glossary search displays entries without checking user permissions to view them
PKSA-wwy5-f4bv-rzbc CVE-2016-5012 GHSA-g58x-p3pj-rg52
Affected version: >=3.1,<3.1.1
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting in assignment submission page
PKSA-dybr-w1x2-f6s6 CVE-2017-2578 GHSA-6r76-f8c8-fh7p
Affected version: >=3.2,<3.2.1|>=3.1,<3.1.4
Reported by: GitHub
[MEDIUM] Moodle Cross-Site Request Forgery (CSRF)
PKSA-rbhh-sssv-7prs CVE-2017-7491 GHSA-3hmr-948v-5qgq
Affected version: >=2.7,<2.7.20|>=3.0,<3.0.10|>=3.1,<3.1.6|>=3.2,<3.2.3
Reported by: GitHub
[MEDIUM] Moodle Global search displays user names for unauthenticated users
PKSA-sqx8-16g8-srsv CVE-2017-2643 GHSA-98mf-mqw9-9q8q
Affected version: >=3.2,<3.2.2
Reported by: GitHub
[MEDIUM] Moodle XSS Vulnerability
PKSA-21ts-nh43-drxc CVE-2017-2644 GHSA-93gj-rg98-h7mm
Affected version: >=3.1.0,<=3.1.4|>=3.2.0,<=3.2.1
Reported by: GitHub
[MEDIUM] Moodle XSS in attachments to evidence of prior learning
PKSA-7wc2-m886-5wyt CVE-2017-2645 GHSA-9cg4-4f87-jhm3
Affected version: >=3.2,<3.2.2|>=3.1,<3.1.5
Reported by: GitHub
[MEDIUM] Moodle User fullname disclosure on user preferences page
PKSA-5br4-tqnq-6t1p CVE-2017-2642 GHSA-54r2-r67g-fr9m
Affected version: >=3.3,<3.3.1|>=3.2,<3.2.4|>=3.1,<3.1.7
Reported by: GitHub
[MEDIUM] Moodle vulnerable to symlink attack
PKSA-yn74-38zw-4s6q CVE-2008-5153 GHSA-x7r4-26m9-hmgq
Affected version: >=1.6.0,<1.6.9|>=1.7.0,<1.7.7|>=1.8.0,<1.8.8|>=1.9.0,<1.9.4
Reported by: GitHub
[CRITICAL] Moodle SQL injection via user preferences
PKSA-byjx-49pn-7gbn CVE-2017-2641 GHSA-xhq3-455r-xv44
Affected version: >=3.2,<3.2.2|>=3.1,<3.1.5|>=3.0,<3.0.9|>=2.7,<2.7.19
Reported by: GitHub
[MEDIUM] Moodle XSS Vulnerability
PKSA-3x5q-rssj-5cz4 CVE-2017-12156 GHSA-7mfw-g8x4-rq2w
Affected version: <=3.1.7|>=3.2.0,<=3.2.4|>=3.3.0,<=3.3.1
Reported by: GitHub
[MEDIUM] Moodle sensitive information disclosure
PKSA-c1md-j5p9-qkdj CVE-2017-12157 GHSA-gw95-48xq-gqf9
Affected version: <=3.1.7|>=3.2.0,<=3.2.4|>=3.3.0,<=3.3.1
Reported by: GitHub
[MEDIUM] Moodle Exposure of Sensitive Information to an Unauthorized Actor
PKSA-7z41-zvht-ppzx CVE-2017-15110 GHSA-rjh8-w8jg-xwq5
Affected version: >=3.3,<3.3.3|>=3.2,<3.2.6|>=3.1,<3.1.9
Reported by: GitHub
[MEDIUM] Moodle Privilege escalation in quiz web services
PKSA-kswt-39q6-7d4v CVE-2018-1044 GHSA-332g-xh34-5c96
Affected version: >=3.4,<3.4.1|>=3.3,<3.3.4|>=3.2,<3.2.7|>=3.1,<3.1.10
Reported by: GitHub
[MEDIUM] Moodle XSS Vulnerability
PKSA-dctc-t87b-q62r CVE-2018-1045 GHSA-595j-wpfg-23w4
Affected version: >=3.1,<=3.1.9|>=3.2,<=3.2.6|>=3.3,<=3.3.3
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting in the Course summary filter of the Add a new course
PKSA-nk9w-v1gr-fdwj CVE-2017-7298 GHSA-4m6v-x9fj-847j
Affected version: >=3.2,<=3.2.2
Reported by: GitHub
[MEDIUM] Moodle Portfolio forum caller class allows a user to download any file
PKSA-mwbd-dwm5-kvkp CVE-2018-1135 GHSA-vxmv-74rf-vqgp
Affected version: >=3.4,<3.4.3|>=3.3,<3.3.6|>=3.2,<3.2.9|>=3.1,<3.1.12
Reported by: GitHub
[HIGH] Moodle Portfolio script allows instantiation of class chosen by user
PKSA-h8ck-3y9r-f8ff CVE-2018-1137 GHSA-vxqh-mx28-7ghw
Affected version: >=3.4,<3.4.3|>=3.3,<3.3.6|>=3.2,<3.2.9|>=3.1,<3.1.12
Reported by: GitHub
[HIGH] Moodle SSRF Vulnerability
PKSA-pyd5-qc54-3462 CVE-2019-6970 GHSA-vjxx-54vw-q59f
Affected version: >=3.5.0,<3.5.4
Reported by: GitHub
[MEDIUM] Moodle SSRF Vulnerability
PKSA-6wb1-hw2f-9dff CVE-2018-1042 GHSA-qqjv-mc2v-p7mc
Affected version: >=3.4,<3.4.1|>=3.1,<=3.1.9|>=3.2,<=3.2.6|>=3.3,<=3.3.3
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting
PKSA-wf9x-xm4y-4h78 CVE-2018-1136 GHSA-xhfw-wjjc-4j5h
Affected version: >=3.4,<3.4.3|>=3.3,<3.3.6|>=3.2,<3.2.9|>=3.1,<3.1.12
Reported by: GitHub
[MEDIUM] Moodle Improper Privilege Management
PKSA-hjtz-j2q6-3tsq CVE-2018-1134 GHSA-xjx9-7c29-pwmm
Affected version: >=3.4,<3.4.3|>=3.3,<3.3.6|>=3.2,<3.2.9|>=3.1,<3.1.12
Reported by: GitHub
[MEDIUM] Moodle Setting for blocked hosts list can be bypassed with multiple A record hostnames
PKSA-m8qy-8zn5-1vvp CVE-2018-1043 GHSA-hpwm-84h5-vqr8
Affected version: >=3.4,<3.4.1|>=3.3,<3.3.4|>=3.2,<3.2.7
Reported by: GitHub
[MEDIUM] Moodle Unauthorized searching of arbitrary blogs by typing full url
PKSA-c9dw-62wj-b876 CVE-2017-7490 GHSA-9x63-m3cc-qf3g
Affected version: >=2.7,<2.7.20|>=3.0,<3.0.10|>=3.1,<3.1.6|>=3.2,<3.2.3
Reported by: GitHub
[MEDIUM] Moodle Improper Privilege Management
PKSA-32mp-qz4y-gvx3 CVE-2017-7532 GHSA-jjhx-5jff-rc8m
Affected version: <3.1.7|>=3.2.0,<3.2.4|=3.3.0
Reported by: GitHub
[MEDIUM] Moodle External blog editing takeover
PKSA-qk32-gtbq-54wv CVE-2017-7489 GHSA-m34m-fgh4-v7cx
Affected version: >=2.7,<2.7.20|>=3.0,<3.0.10|>=3.1,<3.1.6|>=3.2,<3.2.3
Reported by: GitHub
[MEDIUM] Moodle sensitive information disclosure
PKSA-kp7p-8mgz-dwxp CVE-2018-10889 GHSA-wmvq-q9h8-7j4g
Affected version: >=3.3,<=3.3.6|=3.4.3|=3.5
Reported by: GitHub
[MEDIUM] Moodle Exposure of Sensitive Information to an Unauthorized Actor
PKSA-m1cz-7y9n-3nwn CVE-2018-10890 GHSA-5w4h-xrr5-7273
Affected version: >=3.5,<3.5.1|>=3.4,<3.4.4|>=3.3,<3.3.7|>=3.1,<3.1.13
Reported by: GitHub
[HIGH] Moodle XML import of ddwtos could lead to intentional remote code execution
PKSA-w7mj-pb7y-rhgn CVE-2018-14630 GHSA-c3pr-h96w-2jjg
Affected version: <3.1.14|>=3.2.0,<3.3.8|>=3.4.0,<3.4.5|>=3.5.0,<3.5.2
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting
PKSA-tjkf-ddbv-szb3 CVE-2018-14631 GHSA-gqrp-qhv8-phrv
Affected version: >=3.5,<3.5.2|>=3.4,<3.4.5|>=3.3,<3.3.8
Reported by: GitHub
[HIGH] Moodle Login CSRF vulnerability in login form
PKSA-vf94-csyt-2xyk CVE-2018-16854 GHSA-xj5f-qv37-r9jc
Affected version: >=3.5,<3.5.3|>=3.4,<3.4.6|>=3.3,<3.3.9|>=3.1,<3.1.15
Reported by: GitHub
[HIGH] Moodle Improper Authentication
PKSA-3qkh-gr8r-wx1n CVE-2018-1082 GHSA-qh8m-6g4p-33h3
Affected version: >=3.4,<3.4.2|>=3.3,<3.3.5
Reported by: GitHub
[CRITICAL] Moodle Blind SSRF Risk in /badges/mybackpack.php
PKSA-yhkv-1qyv-ck5m CVE-2019-3809 GHSA-jp4g-r8c9-3534
Affected version: >=3.1,<3.1.16
Reported by: GitHub
[MEDIUM] Moodle Stored HTML in assignment submission comments allowed links to be opened directly
PKSA-cjxh-89j3-yvhw CVE-2019-3850 GHSA-3fj7-9j8m-7r8g
Affected version: >=3.6.0,<3.6.3|>=3.5.0,<3.5.5|>=3.2.0,<3.4.8|<3.1.17
Reported by: GitHub
[MEDIUM] Moodle context freezing
PKSA-ytjm-qvyc-67j9 CVE-2019-3852 GHSA-v2rh-5v88-rgvh
Affected version: >=3.6,<3.6.3
Reported by: GitHub
[MEDIUM] Moodle Secure layout contained an insecure link in Boost theme
PKSA-tpst-p8mh-mjpn CVE-2019-3851 GHSA-pj45-hp8h-289r
Affected version: >=3.6,<3.6.3|>=3.5,<3.5.5
Reported by: GitHub
[MEDIUM] Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script
PKSA-3qg3-rv6s-zdvx CVE-2018-1081 GHSA-v9xq-vh72-chr4
Affected version: >=3.4,<3.4.2|>=3.3,<3.3.5|>=3.2,<3.2.8|>=3.1,<3.1.11
Reported by: GitHub
[HIGH] Moodle Users could elevate their role when accessing the LTI tool on a provider site
PKSA-tsyc-dk7h-qs9g CVE-2019-3849 GHSA-5wg9-5w3f-hxmh
Affected version: >=3.6,<3.6.3|>=3.5,<3.5.5|<3.4.8
Reported by: GitHub
[MEDIUM] Moodle XSS Vulnerability
PKSA-5wvg-81wj-qh1y CVE-2019-3808 GHSA-4r2p-wpv5-683w
Affected version: <=3.1.15|>=3.2.0,<=3.4.6|>=3.5.0,<=3.5.3|>=3.6.0,<=3.6.1
Reported by: GitHub
[HIGH] Moodle XSS Vulnerability
PKSA-yw59-qjd3-wwyf CVE-2018-10891 GHSA-p7v9-gjrh-563x
Affected version: >=3.1.0,<3.1.13|>=3.2.0,<3.2.10|>=3.3.0,<3.3.7|>=3.4.0,<3.4.4|>=3.5.0,<3.5.1
Reported by: GitHub
[MEDIUM] Moodle vulnerable to XSS via bundled spikephpcoverage library
PKSA-wcmx-m3sy-93sz CVE-2011-4280 GHSA-mx5g-3vxh-rgm8
Affected version: >=2.0,<2.0.2
Reported by: GitHub
[MEDIUM] Moodle Incorrect Default Settings
PKSA-y2w7-928b-32ph CVE-2011-4285 GHSA-8vjj-wf73-w882
Affected version: >=2.0,<2.0.2
Reported by: GitHub
[MEDIUM] Moodle does not properly restrict access to category and course data
PKSA-2c4t-73c1-d887 CVE-2011-4300 GHSA-9p54-pc88-36c4
Affected version: >=2.0.0,<2.0.5|>=2.1,<2.1.2
Reported by: GitHub
[MEDIUM] Moodle Open Redirect in Calendar Set Page
PKSA-yqmp-nbx7-jq5q CVE-2011-4582 GHSA-jcrj-x36p-h9f6
Affected version: >=2.1,<2.1.3
Reported by: GitHub
[MEDIUM] Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
PKSA-g5bd-h7mp-y3rr CVE-2011-4293 GHSA-wxvp-8q8h-r6rr
Affected version: >=2.1,<2.1.1|>=2.0,<2.0.4
Reported by: GitHub
[MEDIUM] Moodle XSS Vulnerability
PKSA-gwgv-grtw-yhfm CVE-2011-4306 GHSA-r729-mx2r-j26j
Affected version: <1.9.14
Reported by: GitHub
[MEDIUM] Moodle Open Redirect Via Error Messages
PKSA-9kyd-5k1t-59zy CVE-2011-4294 GHSA-hxmp-8f47-x9fc
Affected version: >=2.1,<2.1.1|>=2.0,<2.0.4|<1.9.13
Reported by: GitHub
[MEDIUM] Moodle Allows Modification of Constants
PKSA-ksnr-kdcy-g89c CVE-2011-4301 GHSA-jcrj-gmr6-p5j8
Affected version: >=2.1,<2.1.2|>=2.0,<2.0.5|<1.9.14
Reported by: GitHub
[MEDIUM] phpCAS client library and Moodle Cross-site Scripting vulnerability
PKSA-4p4j-2z8w-vp5c CVE-2010-1618 GHSA-45ch-hxgr-vx8j
Affected version: >=1.9.0,<1.9.8|>=1.8.0,<1.8.12
Reported by: GitHub
[MEDIUM] Moodle XSS In Tag Autocomplete functionality
PKSA-pxgx-qwr2-pyds CVE-2011-4278 GHSA-6656-6qwx-4c2m
Affected version: <1.9.11|>=2.0,<2.0.2
Reported by: GitHub
[MEDIUM] Moodle is vulnerable to unauthorized new accounts creation
PKSA-5c17-xrcb-h1st CVE-2010-1616 GHSA-966m-m549-2878
Affected version: >=1.9.0,<1.9.8|>=1.8.0,<1.8.12
Reported by: GitHub
[MEDIUM] Moodle Exposes Sensitive User Information
PKSA-358z-n797-n4qd CVE-2012-2353 GHSA-mr97-gvvg-rhgh
Affected version: >=2.2,<2.2.3|>=2.1,<2.1.6
Reported by: GitHub
[MEDIUM] Moodle Authentication Bypass in Question-Bank
PKSA-t7r8-8dxv-hg44 CVE-2012-2356 GHSA-3rqj-jchw-9cc7
Affected version: >=2.2,<2.2.3|>=2.1,<2.1.6
Reported by: GitHub
[MEDIUM] Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter
PKSA-jq8f-1jnp-3sv5 CVE-2010-2230 GHSA-3gm8-32vv-q8mp
Affected version: >=1.9.0,<1.9.9|<1.8.13
Reported by: GitHub
[MEDIUM] Moodle CRLF Injection Vulnerability in Calendar Component
PKSA-38dn-9n2s-rp4p CVE-2011-4203 GHSA-4w8m-96v9-2c86
Affected version: >=2.1,<2.1.3|>=2.0,<2.0.6|<1.9.15
Reported by: GitHub
[MEDIUM] Moodle Users Can Bypass Deleted Status
PKSA-bqs2-mjm9-jj77 CVE-2012-0797 GHSA-72gv-qqrp-h9qg
Affected version: >=2.0,<2.0.7|>=2.1,<2.1.4|>=2.2,<2.2.1
Reported by: GitHub
[MEDIUM] Moodle Allows Unauthenticated Dropbox Access
PKSA-5s6f-mwj8-pg87 CVE-2012-5471 GHSA-mpjx-8phj-5m34
Affected version: >=2.1,<=2.1.8|>=2.2,<=2.2.5|>=2.3,<=2.3.2
Reported by: GitHub
[MEDIUM] Moodle Authentication Bypass in File Upload
PKSA-f1wb-pnff-59xp CVE-2012-3387 GHSA-w66h-c2vj-cm7f
Affected version: >=2.3,<2.3.1
Reported by: GitHub
[LOW] Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
PKSA-ww3k-y9kn-y4zk CVE-2013-1833 GHSA-89f3-74m6-g27g
Affected version: >=2.0.0,<=2.1.10|>=2.4.0,<2.4.2|>=2.3.0,<2.3.5|>=2.2.0,<2.2.8
Reported by: GitHub
[LOW] Moodle's login_as feature leaks information from external repositories
PKSA-c5mr-nprk-57jn CVE-2013-1835 GHSA-cc94-hwj3-rf65
Affected version: >=2.4.0,<2.4.2|>=2.3.0,<2.3.5|>=2.0.0,<2.2.8
Reported by: GitHub
[MEDIUM] Moodle does not consider "don't send" attributes during hub registration
PKSA-gwbf-f5nj-g62k CVE-2013-2081 GHSA-x3x8-fjw6-hccx
Affected version: >=2.4.0,<2.4.4|>=2.3.0,<2.3.7|<2.2.10
Reported by: GitHub
[MEDIUM] Moodle does not enforce capability requirements for reading blog comments
PKSA-6qvf-pdws-9npt CVE-2013-2082 GHSA-wp3g-pr4h-q6vv
Affected version: >=2.4.0,<2.4.4|>=2.3.0,<2.3.7|<2.2.10
Reported by:
GitHub -
[MEDIUM] Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class
PKSA-z5r2-njhw-y3cp CVE-2013-2083 GHSA-m63h-q4x3-6hwj
Affected version: <2.2.10|>=2.4.0,<2.4.4|>=2.3.0,<2.3.7
Reported by:
GitHub -
[MEDIUM] Moodle allows remote authenticated users to reassign notes
PKSA-zj4q-g2zv-nbth CVE-2013-1834 GHSA-prrh-679x-79qh
Affected version: >=2.4.0,<2.4.2|>=2.3.0,<2.3.5|>=1.9.0,<2.2.8
Reported by:
GitHub -
[MEDIUM] Moodle does not properly manage privileges for WebDAV repositories
PKSA-kb5g-cyxf-t8ns CVE-2013-1836 GHSA-664q-mrxx-2x2v
Affected version: >=2.4.0,<2.4.2|>=2.3.0,<2.3.5|>=2.0.0,<2.2.8
Reported by:
GitHub -
[MEDIUM] Moodle is vulnerable to Sensitive Information Disclosure
PKSA-f8mj-3md2-3zn3 CVE-2013-2080 GHSA-wmmc-qjq2-vvm2
Affected version: <2.3.7|>=2.4.0,<2.4.4
Reported by:
GitHub -
[MEDIUM] PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
PKSA-bbb8-1gxr-wfm6 CVE-2012-6112 GHSA-fx5h-3786-h2w6
Affected version: =2.4.0|>=2.3.0,<2.3.4|>=2.2.0,<2.2.7|>=2.1.0,<2.1.10
Reported by:
GitHub -
[MEDIUM] Moodle does not enforce the forceloginforprofiles setting
PKSA-kdds-cbr1-7xnx CVE-2013-1830 GHSA-8r7x-qq55-74v2
Affected version: >=2.4.0,<2.4.2|>=2.3.0,<2.3.5|>=2.2.0,<2.2.8|<=2.1.10
Reported by:
GitHub -
[MEDIUM] Moodle reveals absolute path in exception message
PKSA-mrbp-9kf8-np6d CVE-2013-1831 GHSA-xr24-jp5c-6c4v
Affected version: >=2.4.0,<2.4.2|>=2.3.0,<2.3.5|>=2.2.0,<2.2.8|<=2.1.10
Reported by:
GitHub -
[MEDIUM] Moodle includes the WebDAV password in the configuration form
PKSA-2pb4-d9dy-wtq5 CVE-2013-1832 GHSA-pgp5-rcwp-qvfg
Affected version: >=2.4.0,<2.4.2|>=2.3.0,<2.3.5|>=2.2.0,<2.2.8|>=2.0.0,<=2.1.10
Reported by:
GitHub -
[MEDIUM] Moodle Arbitrary File Read via Backup Functionality
PKSA-tnt1-sgnc-qc5p CVE-2012-6099 GHSA-cr78-rphw-w73p
Affected version: >=2.1,<=2.1.9|>=2.2,<=2.2.6|>=2.3,<=2.3.3|=2.4
Reported by:
GitHub -
[MEDIUM] Moodle cross-site scripting (XSS) vulnerability
PKSA-mcfm-4qfd-q64n CVE-2014-0218 GHSA-ch68-5r37-p7c3
Affected version: >=2.6.0,<2.6.3|>=2.5.0,<2.5.6|<2.4.10
Reported by:
GitHub -
[LOW] Moodle cross-site scripting (XSS) vulnerability
PKSA-2bsx-3byg-qg7b CVE-2014-2571 GHSA-75c6-xqwr-v2r9
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5|<2.4.9
Reported by:
GitHub -
[MEDIUM] Moodle cross-site request forgery (CSRF) vulnerability
PKSA-3h1s-9b34-f5p2 CVE-2014-0126 GHSA-4wvg-7886-83gv
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5|<2.4.9
Reported by:
GitHub -
[MEDIUM] Moodle's time-validation implementation allows bypassing intended restrictions
PKSA-tw6p-1xzy-gzn8 CVE-2014-0127 GHSA-6p3g-hw27-qh44
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5|<2.4.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to modify the visibility of a badge
PKSA-pymj-sb5m-pw5q CVE-2014-0129 GHSA-5rr5-fxhc-jv64
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5
Reported by:
GitHub -
[MEDIUM] Moodle multiple cross-site request forgery (CSRF) vulnerabilities
PKSA-4h2d-1zqg-9ycy CVE-2014-0213 GHSA-h75f-hjcr-cvh8
Affected version: >=2.6.0,<2.6.3|>=2.5.0,<2.5.6|<2.4.10
Reported by:
GitHub -
[MEDIUM] Moodle creates a MoodleMobile web-service token with an infinite lifetime
PKSA-3d8z-kbcj-jhvx CVE-2014-0214 GHSA-48rq-vj58-2mh6
Affected version: >=2.6.0,<2.6.3|>=2.5.0,<2.5.6|<2.4.10
Reported by:
GitHub -
[MEDIUM] Moodle Reveals Student Information Meant To Be Anonymous
PKSA-3f9q-gfc9-y8pb CVE-2014-0215 GHSA-2fmv-j5xj-4fmq
Affected version: >=2.4.0,<=2.4.9|>=2.5.0,<=2.5.5|>=2.6.0,<=2.6.2
Reported by:
GitHub -
[MEDIUM] Moodle does not properly restrict file access
PKSA-2bvf-j5pg-v8z3 CVE-2014-0216 GHSA-8rc7-4qfv-4484
Affected version: >=2.6.0,<2.6.3|>=2.5.0,<2.5.6|<2.4.10
Reported by:
GitHub -
[MEDIUM] Moodle does not check for the moodle/course:viewhiddencourses capability
PKSA-bfbf-3qyg-n6z1 CVE-2014-0217 GHSA-c3vx-v4x8-x894
Affected version: >=2.6.0,<2.6.3
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to modify grade metadata
PKSA-bv7q-bg4z-3d56 CVE-2014-2572 GHSA-267j-cwvg-j28c
Affected version: >=2.6.0,<2.6.2
Reported by:
GitHub -
[MEDIUM] Moodle allows bypass of intended access restrictions
PKSA-3fx5-vnx6-p2p3 CVE-2014-0122 GHSA-f9m9-494r-w36p
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5|<2.4.9
Reported by:
GitHub -
[MEDIUM] Moodle does not properly restrict access
PKSA-mpn4-q6pk-kp1z CVE-2014-0123 GHSA-2vhr-4mhq-m35c
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5|<2.4.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive information
PKSA-bhg5-9pgg-5dzt CVE-2014-0124 GHSA-fc5p-vj3h-x7g4
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5|<2.4.9
Reported by:
GitHub -
[MEDIUM] Moodle places a session key in a URL
PKSA-hsbm-pzq5-tfbx CVE-2014-0125 GHSA-j465-7mp6-3xg3
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5|<2.4.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to bypass intended access restrictions
PKSA-4qgs-3f9g-wc4z CVE-2015-5342 GHSA-6xpm-q8x9-j3rw
Affected version: >=2.9.0,<2.9.3|>=2.8.0,<2.8.9|<2.7.11
Reported by:
GitHub -
[MEDIUM] Moodle cross-site scripting (XSS) vulnerabilities
PKSA-62vp-mb56-c3pd CVE-2013-7341 GHSA-j6c3-3c4w-qv8p
Affected version: >=2.6.0,<2.6.2|>=2.5.0,<2.5.5|<2.4.9
Reported by:
GitHub -
[LOW] Moodle does not set the RISK_XSS bit for graders
PKSA-rmg8-16vw-9cwj CVE-2015-0216 GHSA-2jcw-r79x-4r5v
Affected version: >=2.8.0,<2.8.2
Reported by:
GitHub -
[MEDIUM] Moodle improper access control
PKSA-bsck-74p7-x43g CVE-2015-5331 GHSA-m7cc-6vhg-39wr
Affected version: >=2.9.0,<2.9.3
Reported by:
GitHub -
[MEDIUM] Moodle sensitive information disclosure
PKSA-m9hq-ptn5-f797 CVE-2015-5340 GHSA-mmvj-j7hq-rx85
Affected version: >=2.9.0,<2.9.3|>=2.8.0,<2.8.9|>=2.7.0,<2.7.11|<=2.6.11
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to read SCORM contents
PKSA-vrmn-wxwy-97gm CVE-2015-5341 GHSA-c2r4-f8qv-2v7v
Affected version: >=2.9.0,<2.9.3|>=2.8.0,<2.8.9|<2.7.11
Reported by:
GitHub -
[MEDIUM] Moodle Information Disclosure
PKSA-5qj5-11vg-qvk1 CVE-2017-7531 GHSA-w2pj-r8m3-r4jc
Affected version: <3.3.1
Reported by:
GitHub -
[MEDIUM] Moodle XSS Vulnerability
PKSA-mtxw-jk4f-m72f CVE-2015-5337 GHSA-2hw6-6rgf-726v
Affected version: >=2.9.0,<2.9.3|>=2.8.0,<2.8.9|>=2.7.0,<2.7.11|<=2.6.11
Reported by:
GitHub -
[HIGH] Moodle multiple cross-site request forgery (CSRF) vulnerabilities
PKSA-4bb7-mpff-vp25 CVE-2015-5338 GHSA-v33x-q8gh-4x42
Affected version: >=2.9.0,<2.9.3|>=2.8.0,<2.8.9|<2.7.11
Reported by:
GitHub -
[MEDIUM] Moodle cross-site scripting (XSS) vulnerability
PKSA-jf6j-vc78-cp8m CVE-2015-3274 GHSA-f7qm-q26p-6rr2
Affected version: >=2.9.0,<2.9.1|>=2.8.0,<2.8.7|>=2.7.0,<2.7.9
Reported by:
GitHub -
[MEDIUM] Moodle multiple cross-site scripting (XSS) vulnerabilities
PKSA-579c-mvkm-rbfy CVE-2015-3275 GHSA-6922-5v25-p8jg
Affected version: >=2.9.0,<2.9.1|>=2.8.0,<2.8.7|>=2.7.0,<2.7.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to enter additional answer attempts
PKSA-vmm6-rqpt-pmdv CVE-2015-5264 GHSA-mm9q-3847-m48x
Affected version: >=2.9.0,<2.9.2|>=2.8.0,<2.8.8|>=2.7.0,<2.7.10
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to delete files
PKSA-4q4r-v281-1nqs CVE-2015-5265 GHSA-44xp-wj24-9xxj
Affected version: >=2.9.0,<2.9.2|>=2.8.0,<2.8.8|>=2.7.0,<2.7.10
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain manager privileges
PKSA-dv3x-18qf-fvt3 CVE-2015-5266 GHSA-454r-4cjv-vc9h
Affected version: >=2.9.0,<2.9.2|>=2.8.0,<2.8.8|>=2.7.0,<2.7.10
Reported by:
GitHub -
[HIGH] Moodle uses predictable password-recovery tokens
PKSA-hfyq-mgbf-xtb3 CVE-2015-5267 GHSA-382v-gxj9-ffhc
Affected version: >=2.9.0,<2.9.2|>=2.8.0,<2.8.8|<2.7.10
Reported by:
GitHub -
[MEDIUM] Moodle mishandles group-based authorization checks
PKSA-11kg-n1m6-bq4m CVE-2015-5268 GHSA-h34c-px28-rjgw
Affected version: >=2.9.0,<2.9.2|>=2.8.0,<2.8.8|<2.7.10
Reported by:
GitHub -
[MEDIUM] Moodle cross-site scripting (XSS) vulnerability
PKSA-zt3k-hnz4-xrj4 CVE-2015-5269 GHSA-5729-822w-j342
Affected version: >=2.9.0,<2.9.2|>=2.8.0,<2.8.8|<2.7.10
Reported by:
GitHub -
[MEDIUM] Moodle cross-site request forgery (CSRF) vulnerability
PKSA-6xg5-ptmj-4cn2 CVE-2015-5335 GHSA-hpmv-wvq3-gj27
Affected version: >=2.9.0,<2.9.3|>=2.8.0,<2.8.9|<2.7.11
Reported by:
GitHub -
[MEDIUM] Moodle multiple cross-site scripting (XSS) vulnerabilities
PKSA-t3cj-1j63-ywv4 CVE-2015-5336 GHSA-grvw-qq2j-r898
Affected version: >=2.9.0,<2.9.3|>=2.8.0,<2.8.9|<2.7.11
Reported by:
GitHub -
[MEDIUM] Moodle does not properly implement group-based access restrictions
PKSA-xv71-1ryj-tkpd CVE-2015-5339 GHSA-gmhr-6f43-7qpj
Affected version: >=2.9.0,<2.9.3|>=2.8.0,<2.8.9|<2.7.11
Reported by:
GitHub -
[MEDIUM] Moodle Arbitrary Redirect
PKSA-g4rm-6q21-2mmt CVE-2015-3175 GHSA-h798-h7ff-93xv
Affected version: >=2.8.0,<2.8.6|>=2.7.0,<2.7.8|>=2.6.0,<2.6.11|<=2.5.9
Reported by:
GitHub -
[LOW] Moodle cross-site scripting (XSS) vulnerability
PKSA-pgwx-wjzq-mggw CVE-2015-3178 GHSA-9fmw-m4qx-6cq8
Affected version: >=2.8.0,<2.8.6|>=2.7.0,<2.7.8|<2.6.11
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive course-structure information
PKSA-6ks7-zmpy-ncf2 CVE-2015-3180 GHSA-688p-pgj4-77hh
Affected version: >=2.8.0,<2.8.6|>=2.7.0,<2.7.8|<2.6.11
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to bypass file-management restrictions
PKSA-w8kq-dtdw-vgnt CVE-2015-3181 GHSA-622h-cjgg-5mx6
Affected version: >=2.8.0,<2.8.6|>=2.7.0,<2.7.8|<2.6.11
Reported by:
GitHub -
[HIGH] Moodle open redirect vulnerability
PKSA-3msp-43z8-4nw1 CVE-2015-3272 GHSA-2hw2-h3mf-c2j9
Affected version: >=2.9.0,<2.9.1|>=2.8.0,<2.8.7|>=2.7.0,<2.7.9
Reported by:
GitHub -
[MEDIUM] Moodle directory traversal vulnerability
PKSA-tp98-8z5s-kbj5 CVE-2015-1493 GHSA-gphj-63h8-r9vq
Affected version: >=2.8.0,<2.8.3|>=2.7.0,<2.7.5|<2.6.8
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive personal-contact and unread-message-count information
PKSA-b2x7-jg5t-2g8h CVE-2015-2266 GHSA-35pr-gqm6-r366
Affected version: >=2.8.0,<2.8.4|>=2.7.0,<2.7.6|<2.6.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to extract archives to arbitrary directories
PKSA-r8s2-5mc3-pv6n CVE-2015-2267 GHSA-cm4r-58pj-h2ph
Affected version: >=2.8.0,<2.8.4|>=2.7.0,<2.7.6|<2.6.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to cause a denial of service
PKSA-q1yp-2nqz-b158 CVE-2015-2268 GHSA-36cm-vrqh-8p98
Affected version: >=2.8.0,<2.8.4|>=2.7.0,<2.7.6|<2.6.9
Reported by:
GitHub -
[LOW] Moodle XSS Vulnerability
PKSA-h6c8-tnwx-2f51 CVE-2015-2269 GHSA-cp39-43xr-2wrp
Affected version: >=2.8.0,<2.8.4|>=2.7.0,<2.7.6|>=2.6.0,<2.6.9|<=2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive course information
PKSA-hwvf-5rt9-z24g CVE-2015-2270 GHSA-fp4h-j22r-vwcv
Affected version: >=2.8.0,<2.8.4|>=2.7.0,<2.7.6|<2.6.9
Reported by:
GitHub -
[MEDIUM] Moodle does not consider the moodle/tag:flag capability
PKSA-3qsz-9j6v-gm49 CVE-2015-2271 GHSA-v3wp-35g3-m9mm
Affected version: >=2.8.0,<2.8.4|>=2.7.0,<2.7.6|<2.6.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to bypass a forced-password-change requirement
PKSA-27xq-htgk-jm9f CVE-2015-2272 GHSA-5659-g9p4-354f
Affected version: >=2.8.0,<2.8.4|>=2.7.0,<2.7.6|<2.6.9
Reported by:
GitHub -
[LOW] Moodle cross-site scripting (XSS) vulnerability
PKSA-yw8j-6drp-1cx1 CVE-2015-2273 GHSA-w77v-xpxr-c6pv
Affected version: >=2.8.0,<2.8.4|>=2.7.0,<2.7.6|<2.6.9
Reported by:
GitHub -
[LOW] Moodle does not set the RISK_XSS bit for graders
PKSA-kfnw-tfjj-6p3n CVE-2015-3174 GHSA-6r7x-6q98-qcqp
Affected version: >=2.8.0,<2.8.6|>=2.7.0,<2.7.8|<2.6.11
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain full-name information
PKSA-g64b-srdk-yh9x CVE-2015-3176 GHSA-fqrg-vmvj-jv3x
Affected version: >=2.8.0,<2.8.6|>=2.7.0,<2.7.8|<2.6.11
Reported by:
GitHub -
[LOW] Moodle allows attackers to bypass intended login restrictions
PKSA-tgxp-6v2t-d4cw CVE-2015-3179 GHSA-4ppg-2mx6-fqx9
Affected version: >=2.8.0,<2.8.6|>=2.7.0,<2.7.8|<2.6.11
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to bypass a messaging-disabled setting
PKSA-4cdp-42wk-t4nw CVE-2015-0214 GHSA-4jm2-c9jr-6prf
Affected version: >=2.8.0,<2.8.2|>=2.7.0,<2.7.4|<2.6.7
Reported by:
GitHub -
[LOW] Moodle allows attackers to upload files containing JavaScript
PKSA-3xvj-zgx8-36by CVE-2014-7835 GHSA-vrf6-q7qj-69v5
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6
Reported by:
GitHub -
[MEDIUM] Moodle multiple cross-site request forgery (CSRF) vulnerabilities
PKSA-7dsw-mhqq-zggg CVE-2014-7836 GHSA-wpq5-q3mj-8f3r
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to remove wiki pages
PKSA-396c-wmdr-pxzq CVE-2014-7837 GHSA-p3hj-cfhm-7g6v
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[HIGH] Moodle Temporary Passwords are Brute Force-able
PKSA-77dp-vfrk-4h6v CVE-2014-7845 GHSA-9v64-447r-wch6
Affected version: >=2.5.0,<=2.5.8|>=2.6.0,<=2.6.5|>=2.7.0,<=2.7.2
Reported by:
GitHub -
[MEDIUM] Moodle does not consider the moodle/tag:edit capability before adding a tag
PKSA-7bkh-3548-1jd8 CVE-2014-7846 GHSA-468q-9cmp-76wc
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to cause a denial of service
PKSA-f2dm-ppx5-2c2g CVE-2014-7847 GHSA-6vjg-2q57-rgfw
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive information
PKSA-nfpm-wg1g-82w4 CVE-2014-7848 GHSA-47cw-whh9-j2fq
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6
Reported by:
GitHub -
[MEDIUM] Moodle does not provide charset information in HTTP headers
PKSA-4y8z-n5wc-bxmp CVE-2014-9059 GHSA-crcq-pw8h-9xwf
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to trigger the generation of arbitrary messages
PKSA-bc4j-ywmc-7mbd CVE-2014-9060 GHSA-c87j-9rrq-h3j8
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive information
PKSA-2zg9-h96f-fxr7 CVE-2015-0211 GHSA-frhc-9hwc-x7j3
Affected version: >=2.8.0,<2.8.2|>=2.7.0,<2.7.4|<2.6.7
Reported by:
GitHub -
[LOW] Moodle cross-site scripting (XSS) vulnerability
PKSA-rdgv-cwk4-rgt1 CVE-2015-0212 GHSA-jj3j-mhgc-g4m4
Affected version: >=2.8.0,<2.8.2|>=2.7.0,<2.7.4|<2.6.7
Reported by:
GitHub -
[MEDIUM] Moodle multiple cross-site request forgery (CSRF) vulnerabilities
PKSA-xy15-xyyj-xchk CVE-2015-0213 GHSA-hhq7-jf2p-hw9c
Affected version: >=2.8.0,<2.8.2|>=2.7.0,<2.7.4|<2.6.7
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive calendar-event information
PKSA-gfjr-p6fw-dkfr CVE-2015-0215 GHSA-fr9m-pjmm-qx9f
Affected version: >=2.8.0,<2.8.2|>=2.7.0,<2.7.4|<2.6.7
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to cause a denial of service
PKSA-3sjh-11nk-p5kd CVE-2015-0217 GHSA-p497-37fc-xvvc
Affected version: >=2.8.0,<2.8.2|>=2.7.0,<2.7.4|<2.6.7
Reported by:
GitHub -
[MEDIUM] Moodle cross-site request forgery (CSRF) vulnerability
PKSA-gwzp-t449-t8d2 CVE-2015-0218 GHSA-5jph-mvfm-r27p
Affected version: >=2.8.0,<2.8.2|>=2.7.0,<2.7.4|<2.6.7
Reported by:
GitHub -
[MEDIUM] Moodle allows discovery of an author's username
PKSA-8dtb-3dch-zn8d CVE-2014-3617 GHSA-p5j7-26wj-423j
Affected version: >=2.7.0,<2.7.2|>=2.6.0,<2.6.5|<2.5.8
Reported by:
GitHub -
[MEDIUM] Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module
PKSA-vd8d-53dy-hc1q CVE-2014-7838 GHSA-43r4-vm25-qm78
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle multiple cross-site scripting (XSS) vulnerabilities
PKSA-vx9k-57cm-s586 CVE-2014-3548 GHSA-f66h-6mj2-rwj2
Affected version: >=2.7.0,<2.7.1|>=2.6.0,<2.6.4|>=2.5.0,<2.5.7|<2.4.11
Reported by:
GitHub -
[LOW] Moodle multiple cross-site scripting (XSS) vulnerabilities
PKSA-wwg7-w6tq-nps3 CVE-2014-3551 GHSA-m8f5-9wg8-2c3h
Affected version: >=2.7.0,<2.7.1|>=2.6.0,<2.6.4|>=2.5.0,<2.5.7|<2.4.11
Reported by:
GitHub -
[MEDIUM] Moodle does not enforce the moodle/site:accessallgroups capability requirement
PKSA-6cfx-gy79-92vk CVE-2014-3553 GHSA-mg69-5q59-8jcg
Affected version: >=2.7.0,<2.7.1|>=2.6.0,<2.6.4|<2.5.7
Reported by:
GitHub -
[LOW] Moodle cross-site scripting (XSS) vulnerability
PKSA-7fq1-fs84-nyrr CVE-2014-7830 GHSA-j4mr-vc54-h5pc
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle exposes hidden grades to students
PKSA-ttcc-s4hr-k9z2 CVE-2014-7831 GHSA-59j6-8g7w-prf7
Affected version: >=2.7.0,<2.7.3
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to bypass the mod/lti:view capability requirement
PKSA-3wv9-m6zt-m558 CVE-2014-7832 GHSA-mphj-h2fc-62x3
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive information
PKSA-znjp-qs57-xp64 CVE-2014-7833 GHSA-jq7x-gm9r-v8m7
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6|<2.5.9
Reported by:
GitHub -
[MEDIUM] Moodle does not verify group permissions
PKSA-pxf1-574p-2hpf CVE-2014-7834 GHSA-557f-2hv4-7jjm
Affected version: >=2.7.0,<2.7.3|>=2.6.0,<2.6.6
Reported by:
GitHub -
[HIGH] Moodle vulnerable to PHP object injection attacks
PKSA-z489-s91j-4s71 CVE-2014-3541 GHSA-fccf-p8fx-vjj4
Affected version: >=2.7.0,<2.7.1|>=2.6.0,<2.6.4|>=2.5.0,<2.5.7|<2.4.11
Reported by:
GitHub -
[MEDIUM] Moodle allows remote attackers to read arbitrary files
PKSA-mj21-2wqq-9kcc CVE-2014-3542 GHSA-xmwv-mqh8-4xgw
Affected version: =2.7.0|>=2.6.0,<2.6.4|>=2.5.0,<2.5.7|>=2.4.0,<2.4.11|<=2.3.11
Reported by:
GitHub -
[MEDIUM] Moodle Arbitrary File Read via XML External Entity vulnerability
PKSA-2njy-8329-gfjv CVE-2014-3543 GHSA-27j2-c838-c3qg
Affected version: <=2.4.10|>=2.5.0,<=2.5.6|>=2.6.0,<=2.6.3|=2.7.0
Reported by:
GitHub -
[LOW] Moodle cross-site scripting (XSS) vulnerability
PKSA-dw67-sq9s-wcs2 CVE-2014-3544 GHSA-c9jp-244j-vh78
Affected version: >=2.7.0,<2.7.1|>=2.6.0,<2.6.4|>=2.5.0,<2.5.7|<2.4.11
Reported by:
GitHub -
[MEDIUM] Moodle remote code execution via quiz questions
PKSA-7bwk-vbpq-ymxt CVE-2014-3545 GHSA-3m99-h3hp-w9j7
Affected version: >=2.4.0,<=2.4.10|>=2.5.0,<=2.5.6|>=2.6.0,<=2.6.3|=2.7.0
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain username and course information
PKSA-b4xz-k616-hh1h CVE-2014-3546 GHSA-4c5g-w3gf-rf4f
Affected version: >=2.7.0,<2.7.1|>=2.6.0,<2.6.4|>=2.5.0,<2.5.7|<2.4.11
Reported by:
GitHub -
[MEDIUM] Moodle multiple cross-site scripting (XSS) vulnerabilities
PKSA-gcfp-m31z-27tz CVE-2014-3547 GHSA-hwjv-mc78-cccj
Affected version: >=2.7.0,<2.7.1|>=2.6.0,<2.6.4|>=2.5.0,<2.5.7
Reported by:
GitHub -
[MEDIUM] Moodle Does Not Escape Characters In Email Headers
PKSA-mrhz-65pt-bwv4 CVE-2016-5013 GHSA-2hh3-jmv8-5fmx
Affected version: >=3.1,<3.1.1|>=2.7,<=2.7.14|>=2.8,<=2.8.12|>=2.9,<=2.9.6|>=3.0,<=3.0.4
Reported by:
GitHub -
[MEDIUM] Moodle sensitive information disclosure
PKSA-xjww-ng4t-zxr1 CVE-2016-5014 GHSA-c4cq-v4wp-28hg
Affected version: >=2.8.0,<=2.8.12|>=2.9.0,<=2.9.6|>=3.0.0,<=3.0.4|=3.1.0
Reported by:
GitHub -
[HIGH] Moodle Weak Password Recovery Mechanism for Forgotten Password
PKSA-gypm-xnhz-46q4 CVE-2016-7038 GHSA-2phx-w35g-x9vm
Affected version: >=3.1,<3.1.2|>=3.0,<3.0.6|>=2.9,<2.9.8|>=2.7,<2.7.16
Reported by:
GitHub -
[MEDIUM] Moodle Unauthenticated Access
PKSA-kdm6-vbx8-tjtr CVE-2016-8642 GHSA-x32v-7qw8-cpq8
Affected version: >=2.7.0,<=2.7.16|>=2.8.0,<=2.8.12|>=2.9.0,<=2.9.8|>=3.0.0,<=3.0.6|>=3.1.0,<=3.1.2
Reported by:
GitHub -
[MEDIUM] Moodle Incorrect sanitation of attributes in forums
PKSA-6w9m-cpwz-kns6 CVE-2017-2576 GHSA-cjrf-xg77-chpw
Affected version: >=3.2,<3.2.1|>=3.1,<3.1.4|>=3.0,<3.0.8|>=2.7,<2.7.18
Reported by:
GitHub -
[MEDIUM] Moodle sensitive information disclosure
PKSA-t8kx-3svp-d147 CVE-2016-0724 GHSA-hjrj-7wcj-7j3c
Affected version: >=3.0.0,<3.0.2|>=2.9.0,<2.9.4|>=2.8.0,<2.8.10|>=2.7.0,<2.7.12|<=2.6.11
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site scripting (XSS) vulnerability in course management search
PKSA-b13t-82mk-vc2q CVE-2016-0725 GHSA-gj2j-ppjq-9pjg
Affected version: >=3.0,<3.0.2|>=2.9,<2.9.4|>=2.8,<2.8.10
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to discover student e-mail addresses
PKSA-dkbx-w2rv-cdkf CVE-2016-2151 GHSA-r3fc-hx6q-g6cq
Affected version: >=3.0.0,<3.0.3|>=2.9.0,<2.9.5|>=2.8.0,<2.8.11|<2.7.13
Reported by:
GitHub -
[MEDIUM] Moodle XSS from profile fields from external db
PKSA-75hy-ngqk-dth8 CVE-2016-2152 GHSA-6mxm-wpqv-675h
Affected version: >=3.0,<3.0.3|>=2.9,<2.9.5|>=2.8,<2.8.11|>=2.7,<2.7.13
Reported by:
GitHub -
[MEDIUM] Moodle Reflected XSS in mod_data advanced search
PKSA-dxky-ffts-9sn2 CVE-2016-2153 GHSA-mj85-3hqq-r6r9
Affected version: >=3.0,<3.0.3|>=2.9,<2.9.5|>=2.8,<2.8.11|>=2.7,<2.7.13
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to discover hidden course names
PKSA-m3qn-9gpm-1ymw CVE-2016-2154 GHSA-fmq9-58q4-xjw5
Affected version: >=3.0.0,<3.0.3|>=2.9.0,<2.9.5|>=2.8.0,<2.8.11
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to modify "Exclude grade" settings
PKSA-h3b3-8m5y-2396 CVE-2016-2155 GHSA-32hg-73hp-vwc8
Affected version: >=3.0.0,<3.0.3|>=2.9.0,<2.9.5|>=2.8.0,<2.8.11
Reported by:
GitHub -
[MEDIUM] Moodle provides calendar-event data without considering whether an activity is hidden
PKSA-z4n4-rs2c-6k1v CVE-2016-2156 GHSA-h8vc-v44p-5r2q
Affected version: >=3.0.0,<3.0.3|>=2.9.0,<2.9.5|>=2.8.0,<2.8.11|<2.7.13
Reported by:
GitHub -
[HIGH] Moodle cross-site request forgery (CSRF) vulnerability
PKSA-1938-5qz6-t3bd CVE-2016-2157 GHSA-f5pm-c4cw-563p
Affected version: >=3.0.0,<3.0.3|>=2.9.0,<2.9.5|>=2.8.0,<2.8.11|<2.7.13
Reported by:
GitHub -
[MEDIUM] Moodle allows attackers to obtain sensitive category-detail information
PKSA-yf1q-wfmq-s1cf CVE-2016-2158 GHSA-m882-j7gq-v9p7
Affected version: >=3.0.0,<3.0.3|>=2.9.0,<2.9.5|>=2.8.0,<2.8.11|<2.7.13
Reported by:
GitHub -
[MEDIUM] Moodle External function mod_assign_save_submission does not check due dates
PKSA-p6dy-jn3p-67k9 CVE-2016-2159 GHSA-cw72-69wq-f9f2
Affected version: >=3.0,<3.0.3|>=2.9,<2.9.5|>=2.8,<2.8.11|>=2.7,<2.7.13
Reported by:
GitHub -
[MEDIUM] Moodle sensitive information disclosure
PKSA-5jbs-pdwn-23gd CVE-2016-2190 GHSA-r9pc-g29w-f86j
Affected version: >=3.0.0,<3.0.3|>=2.9.0,<2.9.5|>=2.8.0,<2.8.11|>=2.7.0,<2.7.13|<=2.6.11
Reported by:
GitHub -
[MEDIUM] Moodle Improper Access Control
PKSA-3z86-fk6c-ct2p CVE-2016-3729 GHSA-g96h-wvrm-c2ww
Affected version: >=2.7,<2.7.14|>=2.8,<2.8.12|>=2.9,<2.9.6|>=3.0,<3.0.3
Reported by:
GitHub -
[MEDIUM] Moodle sensitive information disclosure
PKSA-3vth-zrsr-xtzw CVE-2016-3732 GHSA-5282-96ff-xx3h
Affected version: >=2.7.0,<=2.7.13|>=2.8.0,<=2.8.11|>=2.9.0,<=2.9.5|>=3.0.0,<=3.0.3
Reported by:
GitHub -
[MEDIUM] Moodle Improper Access Control
PKSA-fjjn-ck2v-kb6z CVE-2016-3733 GHSA-gr8j-qm8r-rfgg
Affected version: >=3.0,<3.0.4|>=2.9,<2.9.6|>=2.8,<2.8.12|>=2.7,<2.7.14
Reported by:
GitHub -
[HIGH] Moodle Cross-site request forgery (CSRF) vulnerability
PKSA-6zhw-kkgc-pssc CVE-2016-3734 GHSA-r867-v437-4rrm
Affected version: >=3.0,<3.0.4|>=2.9,<2.9.6|>=2.8,<2.8.12|<2.7.14
Reported by:
GitHub -
[MEDIUM] Moodle Authenticated Spelling Binary Remote Code Execution
PKSA-p2wj-rt9d-nvm3 CVE-2013-3630 GHSA-wxqg-fg7v-mmc6
Affected version: <=2.5.2
Reported by:
GitHub -
[MEDIUM] Moodle Logged in users could view all calendar events
PKSA-x8cr-ypm1-9g2f CVE-2019-3848 GHSA-45rw-4r25-jvg7
Affected version: >=3.6,<3.6.3|>=3.5,<3.5.5|>=3.4,<3.4.8
Reported by:
GitHub -
[MEDIUM] Moodle XSS Vulnerability
PKSA-yj7v-phmm-zs3f CVE-2019-3847 GHSA-qrcj-6fjw-3h9h
Affected version: <3.1.17|>=3.2.0,<3.4.8|>=3.5.0,<3.5.5|>=3.6.0,<3.6.3
Reported by:
GitHub -
[MEDIUM] Moodle XSS Vulnerability
PKSA-dj4f-zxd7-wbmg CVE-2019-3810 GHSA-wm4w-8vc6-2j4h
Affected version: >=3.1.0,<3.1.15|>=3.4.0,<3.4.6|>=3.5.0,<3.5.3|>=3.6.0,<3.6.1
Reported by:
GitHub -
[MEDIUM] Moodle vulnerable to Cross-site scripting
PKSA-h71h-qpqv-34w9 CVE-2008-1502 GHSA-v759-3wr5-p294
Affected version: <1.8.5
Reported by:
GitHub -
[MEDIUM] Moodle does not properly validate module instance id
PKSA-647w-5d9x-txgr CVE-2006-4936 GHSA-h9w8-4376-j344
Affected version: <1.6.2
Reported by:
GitHub -
[MEDIUM] Improper Authentication in moodle
PKSA-pjh1-h464-6bwp CVE-2022-0985 GHSA-6q9g-3vfq-q2qj
Affected version: >=3.9,<3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by:
GitHub -
[MEDIUM] Missing authorization in Moodle
PKSA-wnz7-3jhx-ydz3 CVE-2022-0984 GHSA-c5hf-mc85-2hx4
Affected version: <3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by:
GitHub -
[MEDIUM] Moodle included private user files in course backups
PKSA-9tfh-cdnv-fmjp CVE-2012-1159 GHSA-p9hr-f4xj-8w8r
Affected version: <1.9.17|>=2.0,<=2.0.7|>=2.1,<=2.1.4|>=2.2,<=2.2.1
Reported by:
GitHub -
[HIGH] Moodle backs up private files
PKSA-qp9g-4jpp-b19v CVE-2012-1156 GHSA-358r-g2xw-7c83
Affected version: >=2.0,<=2.0.7|>=2.1,<=2.1.4|>=2.2,<=2.2.1
Reported by:
GitHub -
[MEDIUM] Moodle default permissions too permissive
PKSA-wf2t-v729-fqmc CVE-2012-1157 GHSA-2x36-7xfm-pgm7
Affected version: <1.9.17|>=2.0,<=2.0.7|>=2.1,<=2.1.4|>=2.2,<=2.2.1
Reported by:
GitHub -
[HIGH] SQL Injection in Moodle
PKSA-3tp5-6sqk-x25n CVE-2022-0983 GHSA-h2fw-93qx-vrcq
Affected version: <3.9.13|>=3.10.0,<3.10.10|>=3.11.0,<3.11.6
Reported by:
GitHub -
[MEDIUM] Moodle stored Cross-site Scripting
PKSA-hfs3-3b1m-7tfs CVE-2021-32475 GHSA-5wjh-v7c8-wrhx
Affected version: >=3.10,<3.10.4|>=3.9,<3.9.7|>=3.8,<3.8.9|>=3.5,<3.5.18
Reported by:
GitHub -
[HIGH] Moodle denial-of-service risk in the draft files area
PKSA-qqmk-nzz9-zdbh CVE-2021-32476 GHSA-4qxc-qxrp-33cw
Affected version: >=3.5.17,<3.5.18|>=3.8,<3.8.9|>=3.9,<3.9.7|>=3.10,<3.10.4
Reported by:
GitHub -
[MEDIUM] Moodle Exposure of Sensitive Information to an Unauthorized Actor
PKSA-1tf5-r7vk-wws8 CVE-2021-32472 GHSA-454r-jccq-96q8
Affected version: >=3.10.0,<3.10.4|>=3.9.0,<3.9.7|>=3.8.0,<3.8.9
Reported by:
GitHub -
[MEDIUM] Moodle Information Disclosure vulnerability
PKSA-4pts-cqhb-rsvr CVE-2021-32473 GHSA-wx87-h539-4775
Affected version: >=3.10,<3.10.4|>=3.9,<3.9.7|>=3.8,<3.8.9|>=3.5,<3.5.18
Reported by:
GitHub -
[HIGH] Moodle Blind SQL injection possible via MNet authentication
PKSA-hbq8-nyn2-ssf4 CVE-2021-32474 GHSA-rvmc-8gmg-ggqr
Affected version: >=3.5,<3.5.18|>=3.8,<3.8.9|>=3.9,<3.9.7|>=3.10,<3.10.4
Reported by:
GitHub -
[MEDIUM] Moodle Exposure of Sensitive Information to an Unauthorized Actor
PKSA-q88h-4qyk-359z CVE-2021-32477 GHSA-vrpr-2xxx-g444
Affected version: >=3.10,<3.10.4
Reported by:
GitHub -
[MEDIUM] Moodle reflected XSS
PKSA-tqnf-kvrx-jqnz CVE-2021-32478 GHSA-78fm-qhh8-8858
Affected version: >=3.8,<=3.8.8|>=3.9,<=3.9.6|>=3.10,<=3.10.3
Reported by:
GitHub -
[CRITICAL] SQL injection in Moodle
PKSA-xq5f-pskz-nd9p CVE-2022-0332 GHSA-6jhm-4vmx-mr76
Affected version: >=3.11,<3.11.5
Reported by:
GitHub -
[LOW] Insufficient user authorization in Moodle
PKSA-9zbz-v465-kgkg CVE-2022-0333 GHSA-m434-m5pv-p35w
Affected version: >=3.9,<3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by:
GitHub -
[MEDIUM] Insufficient user authorization in Moodle
PKSA-bnvf-vkcb-sdkk CVE-2022-0334 GHSA-93pj-4p65-qmr9
Affected version: <3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by:
GitHub -
[HIGH] Cross Site Request Forgery in Moodle
PKSA-5jbg-f5mn-rr6y CVE-2022-0335 GHSA-xpfv-89vg-r562
Affected version: >=3.9,<3.9.11|>=3.10,<3.10.8|>=3.11,<3.11.5
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery in Moodle
PKSA-h8xw-wmt7-hqxg CVE-2020-1692 GHSA-9328-7pcw-vw69
Affected version: <3.7.2
Reported by:
GitHub -
[CRITICAL] Moodle vulnerable to RCE via unsafe deserialization
PKSA-25fk-g12d-tpq4 CVE-2021-3943 GHSA-8jhp-2gcr-qw96
Affected version: >=3.9,<=3.9.10|>=3.10,<=3.10.7|>=3.11,<=3.11.3
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in moodle
PKSA-3z9j-mn6z-3fqz CVE-2021-43558 GHSA-wpfp-q843-v772
Affected version: >=3.9.0,<3.9.11|>=3.10.0,<3.10.8|>=3.11.0,<3.11.4
Reported by:
GitHub -
[MEDIUM] Exposure of Sensitive Information to an Unauthorized Actor in Moodle
PKSA-1982-gdwp-4gm4 CVE-2020-25703 GHSA-c7v4-m269-4995
Affected version: >=3.10.0-beta,<3.10.0|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by:
GitHub -
[MEDIUM] Moodle allowed some users without permission to view other users' full names
PKSA-tnmv-jjt6-h4ky CVE-2021-20281 GHSA-93wh-35r4-6qmw
Affected version: >=3.5,<3.5.17|>=3.8.0,<3.8.8|>=3.9.0,<3.9.5|>=3.10.0,<3.10.2
Reported by:
GitHub -
[MEDIUM] Cross-site scripting (XSS) in moodle
PKSA-vh6q-bcyd-68gs CVE-2020-25628 GHSA-5x33-h32w-6vr2
Affected version: >=3.5,<3.5.14|>=3.7.0,<3.7.8|>=3.8.0,<3.8.5|>=3.9.0,<3.9.2
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting (XSS) in moodle
PKSA-g8b1-hdp7-w1sp CVE-2020-25702 GHSA-pgcp-m69h-p2gr
Affected version: >=3.9.0,<3.9.3
Reported by:
GitHub -
[HIGH] Privilege Escalation in moodle
PKSA-9c8q-s2rm-8gsf CVE-2020-25699 GHSA-h77r-rp97-7rv4
Affected version: >=3.5,<3.5.15|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by:
GitHub -
[MEDIUM] Privilege Escalation in moodle
PKSA-vsf8-3sc8-km59 CVE-2020-25701 GHSA-c9hq-g4q8-w893
Affected version: >=3.5,<3.5.15|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by:
GitHub -
[HIGH] Improper Access Control in moodle
PKSA-yy28-4517-tj4d CVE-2020-25698 GHSA-vxhx-gmhm-623c
Affected version: >=3.5,<3.5.15|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by:
GitHub -
[MEDIUM] SQL Injection in moodle
PKSA-pwpb-wrfj-8scj CVE-2020-25700 GHSA-7h8v-2v8x-h264
Affected version: >=3.5.0,<3.5.15|>=3.7.0,<3.7.9|>=3.8.0,<3.8.6|>=3.9.0,<3.9.3
Reported by:
GitHub -
[MEDIUM] Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
PKSA-3ch1-bgkj-pfgm CVE-2021-20280 GHSA-x2jp-hh65-4xvf
Affected version: >=3.5,<3.5.17|>=3.8,<3.8.8|>=3.9,<3.9.5|>=3.10,<3.10.2
Reported by:
GitHub