Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.2.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4400
repository/repository_ajax.php in Moodle 2.2.x prior to 2.2.5 and 2.3.x prior to 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
NA
CVE-2012-4401
Moodle 2.2.x prior to 2.2.5 and 2.3.x prior to 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
NA
CVE-2012-5472
lib/formslib.php in Moodle 2.2.x prior to 2.2.6 and 2.3.x prior to 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field.
Moodle Moodle 2.2.2
Moodle Moodle 2.3.1
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.3.2
Moodle Moodle 2.2.4
NA
CVE-2012-6100
report/outline/index.php in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an ...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6104
blog/rsslib.php in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allows remote malicious users to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed.
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6103
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allow remote malicious users to hijack the authentication of arbitrary users for requests th...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6101
Multiple open redirect vulnerabilities in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comm...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-4402
webservice/lib.php in Moodle 2.1.x prior to 2.1.8, 2.2.x prior to 2.2.5, and 2.3.x prior to 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one servic...
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
NA
CVE-2012-4407
lib/filelib.php in Moodle 2.1.x prior to 2.1.8, 2.2.x prior to 2.2.5, and 2.3.x prior to 2.3.2 does not properly check the publication state of blog files, which allows remote malicious users to obtain sensitive information by reading a blog entry that references a non-public fil...
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
NA
CVE-2012-4408
course/reset.php in Moodle 2.1.x prior to 2.1.8, 2.2.x prior to 2.2.5, and 2.3.x prior to 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »