Vulmon
moodle moodle vulnerabilities and exploits
10
CVSSv3
CVE-2019-3809
A flaw was found in Moodle versions 3.1 to 3.1.15 and previous unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via r...
Moodle Moodle
9.8
CVSSv3
CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
Moodle Moodle
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 38
9.8
CVSSv3
CVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
Fedoraproject Fedora 36
9.8
CVSSv3
CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
Moodle Moodle
2 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-36392
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
Moodle Moodle
1 Github repository
9.8
CVSSv3
CVE-2021-36393
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
Moodle Moodle
2 Github repositories
9.8
CVSSv3
CVE-2022-40314
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
Moodle Moodle
9.8
CVSSv3
CVE-2022-40315
A limited SQL injection risk was identified in the "browse list of users" site administration page.
Moodle Moodle
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
9.8
CVSSv3
CVE-2022-35649
The vulnerability, found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerabilit...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
9.8
CVSSv3
CVE-2022-30599
A flaw was found in Moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36