Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.2 vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Moodle Moodle 3.10.0
1 Github repository
4
CVSSv2
CVE-2015-2266
message/index.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sen...
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.2
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.0
Moodle Moodle 2.6.7
Moodle Moodle 2.6.0
Moodle Moodle 2.7.4
Moodle Moodle 2.8.3
Moodle Moodle 2.8.1
Moodle Moodle 2.5.8
4
CVSSv2
CVE-2015-2267
mdeploy.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.6.0
Moodle Moodle 2.7.5
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.8
Moodle Moodle 2.6.7
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.6.5
Moodle Moodle 2.6.3
Moodle Moodle 2.7.4
Moodle Moodle 2.7.2
3.5
CVSSv2
CVE-2015-2269
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) t...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.7.3
Moodle Moodle 2.7.4
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.8.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.0
Moodle Moodle 2.6.5
Moodle Moodle 2.6.7
Moodle Moodle 2.7.0
Moodle Moodle 2.7.5
Moodle Moodle 2.8.1
Moodle Moodle
1 EDB exploit
4.3
CVSSv2
CVE-2015-2270
lib/moodlelib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote mal...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.7
Moodle Moodle 2.5.8
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.6.6
Moodle Moodle 2.6.7
Moodle Moodle 2.6.8
Moodle Moodle
Moodle Moodle 2.7.4
Moodle Moodle 2.7.5
Moodle Moodle 2.8.0
Moodle Moodle 2.8.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.5
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.7.2
Moodle Moodle 2.8.3
3.5
CVSSv2
CVE-2015-2273
Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML ...
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
Moodle Moodle 2.8.3
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.8
Moodle Moodle 2.6.1
Moodle Moodle 2.7.5
Moodle Moodle 2.7.0
Moodle Moodle 2.8.1
Moodle Moodle
Moodle Moodle 2.5.7
4
CVSSv2
CVE-2015-2272
login/token.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.6.8
Moodle Moodle 2.6.7
Moodle Moodle 2.6.0
Moodle Moodle 2.7.5
Moodle Moodle 2.8.2
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.8.0
Moodle Moodle 2.8.1
6.8
CVSSv2
CVE-2015-2268
filter/urltolink/filter.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an...
Moodle Moodle 2.5.0
Moodle Moodle 2.6.8
Moodle Moodle 2.6.7
Moodle Moodle 2.6.6
Moodle Moodle 2.8.1
Moodle Moodle 2.8.2
Moodle Moodle 2.8.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.6.0
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
4
CVSSv2
CVE-2015-2271
tag/user.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended ac...
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.6.0
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.6.8
Moodle Moodle 2.6.7
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.8.1
Moodle Moodle 2.8.2
Moodle Moodle 2.8.3
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
6.8
CVSSv2
CVE-2015-1493
Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.8, 2.7.x prior to 2.7.5, and 2.8.x prior to 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot)...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »