Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.4.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2244
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x prior to 2.4.5 and 2.5.x prior to 2.5.1 allow remote malicious users to inject arbitrary web script or HTML via the conditional access rule value of a user field.
Moodle Moodle 2.4.2
Moodle Moodle 2.4.1
Moodle Moodle 2.5.0
Moodle Moodle 2.4.0
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
NA
CVE-2013-4341
Multiple cross-site scripting (XSS) vulnerabilities in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 allow remote malicious users to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
Moodle Moodle 2.3.8
Moodle Moodle 2.5.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle
Moodle Moodle 2.4.2
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.7
Moodle Moodle 2.4.0
Moodle Moodle 2.4.4
Moodle Moodle 2.4.5
Moodle Moodle 2.5.0
1 EDB exploit
NA
CVE-2014-0008
lib/adminlib.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.8, 2.5.x prior to 2.5.4, and 2.6.x prior to 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Moodle Moodle 2.5.3
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.6.0
Moodle Moodle 2.4.5
Moodle Moodle 2.4.6
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.7
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle
Moodle Moodle 2.3.0
Moodle Moodle 2.3.6
Moodle Moodle 2.3.7
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.1
NA
CVE-2013-4313
Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote malicious users to conduct SQL injection attacks against Microsoft SQL Server via a...
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.2.9
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.2.10
Moodle Moodle
Moodle Moodle 2.2.2
Moodle Moodle 2.2.3
Moodle Moodle 2.5.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.2.0
Moodle Moodle 2.2.5
Moodle Moodle 2.2.7
Moodle Moodle 2.5.0
Moodle Moodle 2.4.0
NA
CVE-2012-6087
repository/s3/S3.php in the Amazon S3 library in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o...
Moodle Moodle 2.5.0
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.8
Moodle Moodle 2.2.0
Moodle Moodle 2.2.5
Moodle Moodle 2.2.6
Moodle Moodle 2.2.7
Moodle Moodle 2.5.1
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.2.1
Moodle Moodle 2.2.10
Moodle Moodle 2.2.8
Moodle Moodle 2.2.9
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle
NA
CVE-2014-3552
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, and 2.5.x prior to 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin inte...
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.6
Moodle Moodle 2.4.8
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.3.7
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle 2.3.2
Moodle Moodle 2.3.9
Moodle Moodle
Moodle Moodle 2.3.3
NA
CVE-2013-2245
rss/file.php in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.11, 2.3.x prior to 2.3.8, 2.4.x prior to 2.4.5, and 2.5.x prior to 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block in...
Moodle Moodle 2.1.10
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.1.6
Moodle Moodle 2.1.1
Moodle Moodle 2.1.7
Moodle Moodle 2.1.3
Moodle Moodle 2.1.5
Moodle Moodle 2.1.2
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.8
Moodle Moodle 2.2.1
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.2.7
Moodle Moodle 2.2.6
Moodle Moodle 2.2.5
Moodle Moodle 2.2.10
Moodle Moodle 2.2.9
NA
CVE-2013-2243
mod/lesson/pagetypes/matching.php in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.8, 2.4.x prior to 2.4.5, and 2.5.x prior to 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document.
Moodle Moodle 2.1.0
Moodle Moodle 2.1.9
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.1.7
Moodle Moodle 2.1.8
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.9
Moodle Moodle 2.2.7
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
Moodle Moodle 2.2.11
Moodle Moodle 2.2.6
Moodle Moodle 2.2.5
Moodle Moodle 2.2.8
Moodle Moodle 2.2.4
Moodle Moodle 2.2.10
NA
CVE-2013-4938
The LTI (aka IMS-LTI) mod_form implementation in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.11, 2.3.x prior to 2.3.8, 2.4.x prior to 2.4.5, and 2.5.x prior to 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote ma...
Moodle Moodle 2.1.10
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.8
Moodle Moodle 2.1.0
Moodle Moodle 2.1.9
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.6
Moodle Moodle 2.1.7
Moodle Moodle 2.2.4
Moodle Moodle 2.2.10
Moodle Moodle 2.2.0
Moodle Moodle 2.2.9
Moodle Moodle 2.2.3
Moodle Moodle 2.2.8
Moodle Moodle 2.2.6
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.7
Moodle Moodle 2.2.5
NA
CVE-2013-2242
mod/chat/gui_sockets/index.php in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.11, 2.3.x prior to 2.3.8, 2.4.x prior to 2.4.5, and 2.5.x prior to 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated u...
Moodle Moodle 2.1.9
Moodle Moodle 2.1.10
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.7
Moodle Moodle 2.1.8
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.8
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.2.9
Moodle Moodle 2.2.7
Moodle Moodle 2.2.6
Moodle Moodle 2.2.5
Moodle Moodle 2.2.1
Moodle Moodle 2.2.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »