Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-5674
badges/external.php in Moodle 2.5.x prior to 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote malicious users to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting ...
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
1 Github repository
NA
CVE-2013-2244
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x prior to 2.4.5 and 2.5.x prior to 2.5.1 allow remote malicious users to inject arbitrary web script or HTML via the conditional access rule value of a user field.
Moodle Moodle 2.4.2
Moodle Moodle 2.4.1
Moodle Moodle 2.5.0
Moodle Moodle 2.4.0
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
NA
CVE-2014-3547
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via an external badge.
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.5.6
Moodle Moodle 2.6.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
NA
CVE-2013-4341
Multiple cross-site scripting (XSS) vulnerabilities in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 allow remote malicious users to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
Moodle Moodle 2.3.8
Moodle Moodle 2.5.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle
Moodle Moodle 2.4.2
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.7
Moodle Moodle 2.4.0
Moodle Moodle 2.4.4
Moodle Moodle 2.4.5
Moodle Moodle 2.5.0
1 EDB exploit
NA
CVE-2014-9059
lib/setup.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not provide charset information in HTTP headers, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via UTF-7 characte...
Moodle Moodle
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.5.0
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
NA
CVE-2014-9060
The LTI module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote malicious users to trigger the generation of arbitrary messages via a modi...
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
NA
CVE-2014-7836
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allow remote malicious users to hijack the authentication of arbitrary users for a (1) mod/lti/r...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.0
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.7.0
Moodle Moodle 2.7.2
NA
CVE-2014-7837
mod/wiki/admin.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.6.3
Moodle Moodle 2.6.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.2
Moodle Moodle 2.6.4
NA
CVE-2014-7838
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allow remote malicious users to hijack the authentication of arbitrary users for requests that...
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.0
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
NA
CVE-2014-7845
The generate_password function in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote malicious users to obtain access via a brute-force a...
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »