Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.4.1 vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2013-1829
calendar/managesubscriptions.php in Moodle 2.4.x prior to 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.
Moodle Moodle 2.4.1
Moodle Moodle 2.4.0
383
VMScore
CVE-2013-2244
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x prior to 2.4.5 and 2.5.x prior to 2.5.1 allow remote malicious users to inject arbitrary web script or HTML via the conditional access rule value of a user field.
Moodle Moodle 2.4.2
Moodle Moodle 2.4.1
Moodle Moodle 2.5.0
Moodle Moodle 2.4.0
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
356
VMScore
CVE-2013-2079
mod/assign/locallib.php in the assignment module in Moodle 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read ...
Moodle Moodle 2.3.4
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.4.3
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
435
VMScore
CVE-2013-4341
Multiple cross-site scripting (XSS) vulnerabilities in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 allow remote malicious users to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
Moodle Moodle 2.3.8
Moodle Moodle 2.5.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle
Moodle Moodle 2.4.2
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.7
Moodle Moodle 2.4.0
Moodle Moodle 2.4.4
Moodle Moodle 2.4.5
Moodle Moodle 2.5.0
1 EDB exploit
356
VMScore
CVE-2013-2080
The core_grade component in Moodle up to and including 2.2.10, 2.3.x prior to 2.3.7, and 2.4.x prior to 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and read...
Moodle Moodle 2.2.6
Moodle Moodle 2.2.7
Moodle Moodle 2.2.2
Moodle Moodle 2.2.3
Moodle Moodle 2.2.10
Moodle Moodle 2.2.0
Moodle Moodle 2.2.1
Moodle Moodle 2.2.8
Moodle Moodle 2.2.9
Moodle Moodle 2.2.4
Moodle Moodle 2.2.5
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.3.4
Moodle Moodle 2.4.3
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
356
VMScore
CVE-2014-0008
lib/adminlib.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.8, 2.5.x prior to 2.5.4, and 2.6.x prior to 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Moodle Moodle 2.5.3
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.6.0
Moodle Moodle 2.4.5
Moodle Moodle 2.4.6
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.7
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle
Moodle Moodle 2.3.0
Moodle Moodle 2.3.6
Moodle Moodle 2.3.7
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.1
516
VMScore
CVE-2012-6087
repository/s3/S3.php in the Amazon S3 library in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o...
Moodle Moodle 2.5.0
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.8
Moodle Moodle 2.2.0
Moodle Moodle 2.2.5
Moodle Moodle 2.2.6
Moodle Moodle 2.2.7
Moodle Moodle 2.5.1
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.2.1
Moodle Moodle 2.2.10
Moodle Moodle 2.2.8
Moodle Moodle 2.2.9
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle
668
VMScore
CVE-2013-4313
Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote malicious users to conduct SQL injection attacks against Microsoft SQL Server via a...
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.2.9
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.2.10
Moodle Moodle
Moodle Moodle 2.2.2
Moodle Moodle 2.2.3
Moodle Moodle 2.5.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.2.0
Moodle Moodle 2.2.5
Moodle Moodle 2.2.7
Moodle Moodle 2.5.0
Moodle Moodle 2.4.0
534
VMScore
CVE-2014-3552
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, and 2.5.x prior to 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin inte...
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.6
Moodle Moodle 2.4.8
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.3.7
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle 2.3.2
Moodle Moodle 2.3.9
Moodle Moodle
Moodle Moodle 2.3.3
383
VMScore
CVE-2013-2081
Moodle up to and including 2.1.10, 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, and 2.4.x prior to 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.
Moodle Moodle 2.1.3
Moodle Moodle 2.1.8
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.1.10
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.7
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.2.7
Moodle Moodle 2.2.8
Moodle Moodle 2.2.5
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.2
Moodle Moodle 2.2.9
Moodle Moodle 2.3.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »