Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.3.5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2079
mod/assign/locallib.php in the assignment module in Moodle 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read ...
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.0
NA
CVE-2013-4341
Multiple cross-site scripting (XSS) vulnerabilities in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 allow remote malicious users to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
Moodle Moodle 2.3.8
Moodle Moodle 2.5.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle
Moodle Moodle 2.4.2
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.4.4
Moodle Moodle 2.3.3
Moodle Moodle 2.3.7
Moodle Moodle 2.3.2
Moodle Moodle 2.4.5
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
Moodle Moodle 2.5.0
1 EDB exploit
NA
CVE-2013-2080
The core_grade component in Moodle up to and including 2.2.10, 2.3.x prior to 2.3.7, and 2.4.x prior to 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and read...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.9
Moodle Moodle 2.2.6
Moodle Moodle 2.2.8
Moodle Moodle 2.2.10
Moodle Moodle 2.2.1
Moodle Moodle 2.2.7
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.0
NA
CVE-2014-0008
lib/adminlib.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.8, 2.5.x prior to 2.5.4, and 2.6.x prior to 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.6
Moodle Moodle 2.4.4
Moodle Moodle 2.4.7
Moodle Moodle 2.4.5
Moodle Moodle 2.4.0
Moodle Moodle 2.3.8
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.3.6
Moodle Moodle 2.3.10
Moodle Moodle 2.3.5
Moodle Moodle 2.3.3
Moodle Moodle
Moodle Moodle 2.3.7
NA
CVE-2012-6087
repository/s3/S3.php in the Amazon S3 library in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o...
Moodle Moodle 2.3.8
Moodle Moodle 2.5.1
Moodle Moodle 2.3.4
Moodle Moodle 2.2.2
Moodle Moodle 2.3.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle
Moodle Moodle 2.2.9
Moodle Moodle 2.4.2
Moodle Moodle 2.2.6
Moodle Moodle 2.3.6
Moodle Moodle 2.2.8
Moodle Moodle 2.3.5
Moodle Moodle 2.4.4
Moodle Moodle 2.3.3
Moodle Moodle 2.2.10
Moodle Moodle 2.2.1
Moodle Moodle 2.2.7
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.3.7
NA
CVE-2013-4313
Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote malicious users to conduct SQL injection attacks against Microsoft SQL Server via a...
Moodle Moodle 2.3.8
Moodle Moodle 2.5.1
Moodle Moodle 2.3.4
Moodle Moodle 2.2.2
Moodle Moodle 2.3.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle
Moodle Moodle 2.2.9
Moodle Moodle 2.4.2
Moodle Moodle 2.2.6
Moodle Moodle 2.3.6
Moodle Moodle 2.2.8
Moodle Moodle 2.3.5
Moodle Moodle 2.4.4
Moodle Moodle 2.3.3
Moodle Moodle 2.2.10
Moodle Moodle 2.2.1
Moodle Moodle 2.2.7
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.3.7
NA
CVE-2014-3552
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, and 2.5.x prior to 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin inte...
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle 2.4.9
Moodle Moodle 2.4.2
Moodle Moodle 2.4.6
Moodle Moodle 2.4.4
Moodle Moodle 2.4.7
Moodle Moodle 2.4.5
Moodle Moodle 2.4.8
Moodle Moodle 2.4.10
Moodle Moodle 2.4.0
Moodle Moodle 2.3.8
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.3.6
Moodle Moodle 2.3.10
Moodle Moodle 2.3.5
Moodle Moodle 2.3.3
Moodle Moodle
Moodle Moodle 2.3.7
Moodle Moodle 2.3.2
Moodle Moodle 2.3.9
NA
CVE-2013-2083
The MoodleQuickForm class in lib/formslib.php in Moodle up to and including 2.1.10, 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, and 2.4.x prior to 2.4.4 does not properly handle a certain array-element syntax, which allows remote malicious users to bypass intended form-data filt...
Moodle Moodle 2.1.2
Moodle Moodle 2.1.10
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.9
Moodle Moodle 2.2.6
Moodle Moodle 2.2.8
Moodle Moodle 2.2.1
Moodle Moodle 2.2.7
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.4
NA
CVE-2013-2081
Moodle up to and including 2.1.10, 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, and 2.4.x prior to 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.10
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.9
Moodle Moodle 2.2.6
Moodle Moodle 2.2.8
Moodle Moodle 2.2.1
Moodle Moodle 2.2.7
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.4
NA
CVE-2013-2082
Moodle up to and including 2.1.10, 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, and 2.4.x prior to 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote malicious users to obtain sensitive information via a crafted request.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.10
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.9
Moodle Moodle 2.2.6
Moodle Moodle 2.2.8
Moodle Moodle 2.2.1
Moodle Moodle 2.2.7
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »