Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 1.5.2 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2007-1647
Moodle 1.5.2 and previous versions stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote malicious users to obtain user names, password hashes, and other sensitive information via a direct request fo...
Moodle Moodle
1 EDB exploit
7.5
CVSSv2
CVE-2008-4811
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and previous versions allows remote malicious users to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
Smarty Smarty 2.6.14
Smarty Smarty 2.6.15
Smarty Smarty 2.6.16
Smarty Smarty 2.4.2
Smarty Smarty 2.4.1
Smarty Smarty 2.0.1
Smarty Smarty 2.0.0
Smarty Smarty 1.4.3
Smarty Smarty 1.4.2
Smarty Smarty 1.4.1
Smarty Smarty 1.2.2
Smarty Smarty 1.2.1
Smarty Smarty 2.6.10
Smarty Smarty 2.6.17
Smarty Smarty 2.6.6
Smarty Smarty 2.6.0
Smarty Smarty 2.4.0
Smarty Smarty 2.3.1
Smarty Smarty 1.5.2
Smarty Smarty 1.5.1
Smarty Smarty 1.4.0
Smarty Smarty 1.2.0
7.5
CVSSv2
CVE-2008-4810
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote malicious users to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a doub...
Smarty Smarty 2.6.0
Smarty Smarty 2.4.0
Smarty Smarty 2.3.1
Smarty Smarty 1.5.1
Smarty Smarty 1.5.0
Smarty Smarty 1.4.0
Smarty Smarty 1.2.0
Smarty Smarty 1.1.0
Smarty Smarty 1.0b
Smarty Smarty 2.6.7
Smarty Smarty 2.6.9
Smarty Smarty 2.6.11
Smarty Smarty 2.6.12
Smarty Smarty 2.5.0
Smarty Smarty 2.3.0
Smarty Smarty 2.2.0
Smarty Smarty 2.1.1
Smarty Smarty 1.4.6
Smarty Smarty 1.4.5
Smarty Smarty 1.3.2
Smarty Smarty 1.0a
Smarty Smarty 1.0
7.5
CVSSv2
CVE-2005-3648
Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote malicious users to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.
Moodle Moodle 1.5.2
6.8
CVSSv2
CVE-2013-4524
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.10, 2.4.x prior to 2.4.7, and 2.5.x prior to 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.
Moodle Moodle 2.5.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.4
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.2.5
Moodle Moodle 2.2.3
Moodle Moodle 2.2.0
Moodle Moodle 2.1.8
Moodle Moodle 2.1.10
Moodle Moodle 2.1.0
Moodle Moodle 2.0.3
Moodle Moodle 2.0.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.4
Moodle Moodle 1.9.14
Moodle Moodle 1.9.12
Moodle Moodle 1.8.7
Moodle Moodle 1.8.5
Moodle Moodle 1.8.13
Moodle Moodle 1.8.11
Moodle Moodle 1.7.3
6.8
CVSSv2
CVE-2010-2231
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 allows remote malicious users to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attempt...
Moodle Moodle 1.8.8
Moodle Moodle 1.8.7
Moodle Moodle 1.6.5
Moodle Moodle 1.6.4
Moodle Moodle 1.5
Moodle Moodle 1.5.1
Moodle Moodle 1.4.5
Moodle Moodle 1.4.4
Moodle Moodle 1.1.1
Moodle Moodle
Moodle Moodle 1.8.11
Moodle Moodle 1.8.4
Moodle Moodle 1.8.3
Moodle Moodle 1.7.6
Moodle Moodle 1.7.4
Moodle Moodle 1.6.7
Moodle Moodle 1.6.0
Moodle Moodle 1.5.0
Moodle Moodle 1.4.1
Moodle Moodle 1.3.0
Moodle Moodle 1.3.3
Moodle Moodle 1.3.2
6.8
CVSSv2
CVE-2006-6626
Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote malicious users to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details ar...
Moodle Moodle 1.5
Moodle Moodle 1.5.1
Moodle Moodle 1.5.3
Moodle Moodle 1.5.2
Moodle Moodle 1.6.1
5
CVSSv2
CVE-2013-4522
lib/filelib.php in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.10, 2.4.x prior to 2.4.7, and 2.5.x prior to 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote malicious users to obtain sensitive information by requesting a file that...
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.2.9
Moodle Moodle 2.2.8
Moodle Moodle 2.2.7
Moodle Moodle 2.2.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.2
Moodle Moodle 2.4.5
Moodle Moodle 2.3.0
Moodle Moodle 2.3.5
Moodle Moodle 2.3.7
Moodle Moodle 2.2.4
Moodle Moodle 2.2.2
Moodle Moodle 2.1.7
Moodle Moodle 2.1.5
Moodle Moodle 2.1.1
Moodle Moodle 2.0.9
Moodle Moodle 2.0.2
Moodle Moodle 2.0.0
5
CVSSv2
CVE-2013-1831
lib/setuplib.php in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.8, 2.3.x prior to 2.3.5, and 2.4.x prior to 2.4.2 allows remote malicious users to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.
Moodle Moodle 2.1.10
Moodle Moodle 2.1.5
Moodle Moodle 2.1.0
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.0.5
Moodle Moodle 2.0.0
Moodle Moodle 1.8.8
Moodle Moodle 1.5
Moodle Moodle 1.6.3
Moodle Moodle 1.3.1
Moodle Moodle 1.9.8
Moodle Moodle 1.8.14
Moodle Moodle 1.5.2
Moodle Moodle 1.5.3
Moodle Moodle 1.8.7
Moodle Moodle 1.9.3
Moodle Moodle 1.8.10
Moodle Moodle 1.8.9
Moodle Moodle 1.9.2
5
CVSSv2
CVE-2013-1830
user/view.php in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.8, 2.3.x prior to 2.3.5, and 2.4.x prior to 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote malicious users to obtain sensitive course-profile information by leveraging the guest ...
Fedoraproject Fedora 18
Fedoraproject Fedora 17
Moodle Moodle 2.2.4
Moodle Moodle 2.2.5
Moodle Moodle 2.2.3
Moodle Moodle 2.2.1
Moodle Moodle 2.2.2
Moodle Moodle 2.2.7
Moodle Moodle 2.2.6
Moodle Moodle 2.2.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.3
Moodle Moodle 2.1.5
Moodle Moodle 2.1.2
Moodle Moodle 2.1.9
Moodle Moodle 2.0.3
Moodle Moodle 2.0.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »