Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.4.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1829
calendar/managesubscriptions.php in Moodle 2.4.x prior to 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.
Moodle Moodle 2.4.1
Moodle Moodle 2.4.0
NA
CVE-2012-6102
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x prior to 2.3.4 and 2.4.x prior to 2.4.1 allows remote malicious users to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2013-2244
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x prior to 2.4.5 and 2.5.x prior to 2.5.1 allow remote malicious users to inject arbitrary web script or HTML via the conditional access rule value of a user field.
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.4
Moodle Moodle 2.4.0
Moodle Moodle 2.5.0
NA
CVE-2012-6106
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x prior to 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar objec...
Moodle Moodle 2.4.0
NA
CVE-2013-2079
mod/assign/locallib.php in the assignment module in Moodle 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read ...
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.0
NA
CVE-2012-6100
report/outline/index.php in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an ...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6104
blog/rsslib.php in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allows remote malicious users to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed.
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6103
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allow remote malicious users to hijack the authentication of arbitrary users for requests th...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6101
Multiple open redirect vulnerabilities in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comm...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2013-4341
Multiple cross-site scripting (XSS) vulnerabilities in Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 allow remote malicious users to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
Moodle Moodle 2.3.8
Moodle Moodle 2.5.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.1
Moodle Moodle
Moodle Moodle 2.4.2
Moodle Moodle 2.3.6
Moodle Moodle 2.3.5
Moodle Moodle 2.4.4
Moodle Moodle 2.3.3
Moodle Moodle 2.3.7
Moodle Moodle 2.3.2
Moodle Moodle 2.4.5
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
Moodle Moodle 2.5.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »