Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.9.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2015-5331
Moodle 2.9.x prior to 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
6.8
CVSSv3
CVE-2015-5332
Atto in Moodle 2.8.x prior to 2.8.9 and 2.9.x prior to 2.9.3 allows remote malicious users to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.8
Moodle Moodle 2.8.6
Moodle Moodle 2.8.4
Moodle Moodle 2.8.7
Moodle Moodle 2.8.5
4.3
CVSSv3
CVE-2016-2155
The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x prior to 2.8.11, 2.9.x prior to 2.9.5, and 3.0.x prior to 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings b...
Moodle Moodle 3.0.2
Moodle Moodle 3.0.1
Moodle Moodle 2.8.9
Moodle Moodle 2.8.8
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.10
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.9.3
Moodle Moodle 2.9.2
Moodle Moodle 2.8.5
Moodle Moodle 2.8.4
Moodle Moodle 3.0.0
Moodle Moodle 2.9.4
Moodle Moodle 2.8.7
Moodle Moodle 2.8.6
4.3
CVSSv3
CVE-2016-2154
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x prior to 2.8.11, 2.9.x prior to 2.9.5, and 3.0.x prior to 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to ...
Moodle Moodle 2.9.3
Moodle Moodle 2.9.2
Moodle Moodle 2.8.6
Moodle Moodle 2.8.5
Moodle Moodle 2.8.4
Moodle Moodle 3.0.0
Moodle Moodle 2.9.4
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 3.0.2
Moodle Moodle 3.0.1
Moodle Moodle 2.8.10
Moodle Moodle 2.8.9
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
6.1
CVSSv3
CVE-2016-0725
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x prior to 2.8.10, 2.9.x prior to 2.9.4, and 3.0.x prior to 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted ...
Fedoraproject Fedora 23
Fedoraproject Fedora 22
Moodle Moodle 3.0.1
Moodle Moodle 3.0.0
Moodle Moodle 2.8.6
Moodle Moodle 2.8.5
Moodle Moodle 2.9.3
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.8.4
Moodle Moodle 2.8.3
Moodle Moodle 2.9.0
Moodle Moodle 2.8.9
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 2.8.0
5.3
CVSSv3
CVE-2016-3731
Moodle 3.0 up to and including 3.0.3, 2.9 up to and including 2.9.5, and 2.8 up to and including 2.8.11 allows remote malicious users to obtain the names of hidden forums and forum discussions.
Moodle Moodle 2.9.0
Moodle Moodle 2.9.1
Moodle Moodle 2.9.2
Moodle Moodle 2.8.6
Moodle Moodle 2.8.7
Moodle Moodle 2.8.8
Moodle Moodle 2.8.9
Moodle Moodle 2.8.2
Moodle Moodle 2.8.4
Moodle Moodle 2.8.11
Moodle Moodle 2.8.1
Moodle Moodle 2.9.4
Moodle Moodle 3.0.3
Moodle Moodle 3.0.0
Moodle Moodle 3.0.1
Moodle Moodle 2.9.3
Moodle Moodle 2.8.3
Moodle Moodle 2.8.5
Moodle Moodle 2.8.10
Moodle Moodle 2.8.0
Moodle Moodle 2.9.5
Moodle Moodle 3.0.2
4.3
CVSSv3
CVE-2015-5335
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allows remote malicious users to hijack the authentication of administrators for requests...
Moodle Moodle 2.8.4
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.8.8
Moodle Moodle 2.8.6
Moodle Moodle 2.7.9
Moodle Moodle 2.7.7
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.8.7
Moodle Moodle 2.8.5
Moodle Moodle 2.8.0
Moodle Moodle 2.7.8
Moodle Moodle 2.7.6
4.3
CVSSv3
CVE-2015-5339
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users ...
Moodle Moodle 2.9.0
Moodle Moodle 2.8.7
Moodle Moodle 2.8.6
Moodle Moodle 2.8.5
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle
Moodle Moodle 2.8.0
Moodle Moodle 2.7.9
Moodle Moodle 2.7.8
Moodle Moodle 2.7.7
Moodle Moodle 2.8.8
Moodle Moodle 2.9.1
Moodle Moodle 2.8.4
Moodle Moodle 2.8.2
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.7.10
Moodle Moodle 2.9.2
Moodle Moodle 2.8.3
Moodle Moodle 2.8.1
4.3
CVSSv3
CVE-2015-5340
Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/ove...
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.7.9
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.10
Moodle Moodle 2.7.1
Moodle Moodle 2.9.2
Moodle Moodle 2.8.6
Moodle Moodle 2.8.4
Moodle Moodle 2.7.7
Moodle Moodle 2.7.5
Moodle Moodle
Moodle Moodle 2.8.5
Moodle Moodle 2.8.3
Moodle Moodle 2.7.8
4.3
CVSSv3
CVE-2015-5342
The choice module in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
Moodle Moodle 2.7.10
Moodle Moodle 2.8.8
Moodle Moodle 2.9.2
Moodle Moodle 2.7.6
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.8.5
Moodle Moodle 2.8.4
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.9.1
Moodle Moodle 2.8.7
Moodle Moodle 2.8.0
Moodle Moodle 2.7.8
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.9.0
Moodle Moodle 2.8.6
Moodle Moodle 2.7.9
Moodle Moodle 2.7.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-35229
privilege escalation
local users
CVE-2024-5405
CVE-2024-27842
CVE-2024-5274
CVE-2024-5378
CVE-2024-34152
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »