Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 3.11.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
Fedoraproject Fedora 36
8.8
CVSSv3
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
6.5
CVSSv3
CVE-2023-28330
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
6.1
CVSSv3
CVE-2023-28331
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
6.1
CVSSv3
CVE-2023-28332
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
5.4
CVSSv3
CVE-2021-36398
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Moodle Moodle 3.11.0
5.4
CVSSv3
CVE-2021-36399
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
Moodle Moodle 3.11.0
5.4
CVSSv3
CVE-2021-36568
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cr...
Moodle Moodle 3.10.4
Moodle Moodle 3.9.7
Moodle Moodle 3.11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4.3
CVSSv3
CVE-2022-40208
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 3.11.0
Moodle Moodle
4.3
CVSSv3
CVE-2023-1402
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »