moodle moodle 2.2.6 vulnerabilities and exploits
5
CVSSv2
CVE-2012-6104
blog/rsslib.php in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allows remote malicious users to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed.
Moodle Moodle 2.2.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.4
Moodle Moodle 2.2.6
Moodle Moodle 2.2.5
Moodle Moodle 2.2.3
Moodle Moodle 2.2.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.1
Moodle Moodle 2.4.0
5.8
CVSSv2
CVE-2012-6101
Multiple open redirect vulnerabilities in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comm...
Moodle Moodle 2.2.4
Moodle Moodle 2.2.5
Moodle Moodle 2.2.0
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.6
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.1
Moodle Moodle 2.4.0
4
CVSSv2
CVE-2012-6100
report/outline/index.php in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an ...
Moodle Moodle 2.2.0
Moodle Moodle 2.2.6
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.4
Moodle Moodle 2.2.5
Moodle Moodle 2.3.3
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.4.0
6.8
CVSSv2
CVE-2012-6103
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allow remote malicious users to hijack the authentication of arbitrary users for requests th...
Moodle Moodle 2.2.3
Moodle Moodle 2.2.1
Moodle Moodle 2.2.6
Moodle Moodle 2.2.0
Moodle Moodle 2.2.5
Moodle Moodle 2.2.2
Moodle Moodle 2.2.4
Moodle Moodle 2.3.1
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
4
CVSSv2
CVE-2012-6099
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveragi...
Moodle Moodle 2.1.1
Moodle Moodle 2.1.8
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.6
Moodle Moodle 2.1.2
Moodle Moodle 2.1.7
Moodle Moodle 2.1.9
Moodle Moodle 2.2.4
Moodle Moodle 2.2.5
Moodle Moodle 2.2.0
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.6
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
5
CVSSv2
CVE-2012-6105
blog/rsslib.php in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote malicious users to obtain sensitive information by reading this feed.
Moodle Moodle 2.1.0
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.6
Moodle Moodle 2.1.7
Moodle Moodle 2.1.1
Moodle Moodle 2.1.8
Moodle Moodle 2.1.2
Moodle Moodle 2.1.3
Moodle Moodle 2.1.9
Moodle Moodle 2.2.5
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.2.6
Moodle Moodle 2.3.3
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.4.0
4
CVSSv2
CVE-2013-2080
The core_grade component in Moodle up to and including 2.2.10, 2.3.x prior to 2.3.7, and 2.4.x prior to 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and read...
Moodle Moodle 2.2.6
Moodle Moodle 2.2.7
Moodle Moodle 2.2.2
Moodle Moodle 2.2.3
Moodle Moodle 2.2.10
Moodle Moodle 2.2.0
Moodle Moodle 2.2.1
Moodle Moodle 2.2.8
Moodle Moodle 2.2.9
Moodle Moodle 2.2.4
Moodle Moodle 2.2.5
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.3.4
Moodle Moodle 2.4.3
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
7.5
CVSSv2
CVE-2013-4313
Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote malicious users to conduct SQL injection attacks against Microsoft SQL Server via a...
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.2.9
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.2.10
Moodle Moodle
Moodle Moodle 2.2.2
Moodle Moodle 2.2.3
Moodle Moodle 2.5.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.2.0
Moodle Moodle 2.2.5
Moodle Moodle 2.2.7
Moodle Moodle 2.5.0
Moodle Moodle 2.4.0
5.8
CVSSv2
CVE-2012-6087
repository/s3/S3.php in the Amazon S3 library in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o...
Moodle Moodle 2.5.0
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.8
Moodle Moodle 2.2.0
Moodle Moodle 2.2.5
Moodle Moodle 2.2.6
Moodle Moodle 2.2.7
Moodle Moodle 2.5.1
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.2.1
Moodle Moodle 2.2.10
Moodle Moodle 2.2.8
Moodle Moodle 2.2.9
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle
4.3
CVSSv2
CVE-2013-2081
Moodle up to and including 2.1.10, 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, and 2.4.x prior to 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.
Moodle Moodle 2.1.3
Moodle Moodle 2.1.8
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.1.10
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.7
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.2.7
Moodle Moodle 2.2.8
Moodle Moodle 2.2.5
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.2
Moodle Moodle 2.2.9
Moodle Moodle 2.3.6