Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.2 vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Moodle Moodle 3.10.0
1 Github repository
NA
CVE-2015-2269
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) t...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.7.3
Moodle Moodle 2.7.4
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.8.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.0
Moodle Moodle 2.6.5
Moodle Moodle 2.6.7
Moodle Moodle 2.7.0
Moodle Moodle 2.7.5
Moodle Moodle 2.8.1
Moodle Moodle
1 EDB exploit
NA
CVE-2015-2271
tag/user.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended ac...
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.6.0
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.6.8
Moodle Moodle 2.6.7
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.8.1
Moodle Moodle 2.8.2
Moodle Moodle 2.8.3
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
NA
CVE-2015-1493
Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.8, 2.7.x prior to 2.7.5, and 2.8.x prior to 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot)...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
NA
CVE-2015-0211
mod/lti/ajax.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows ...
Moodle Moodle 2.5.0
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.3
Moodle Moodle 2.6.1
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.2
Moodle Moodle 2.6.0
Moodle Moodle 2.8.0
NA
CVE-2015-0212
Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.6.3
Moodle Moodle 2.6.1
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.2
Moodle Moodle 2.6.0
Moodle Moodle 2.8.0
NA
CVE-2015-0214
message/externallib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.6.1
Moodle Moodle 2.6.0
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.6
Moodle Moodle 2.5.6
Moodle Moodle 2.5.4
Moodle Moodle 2.6.4
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
Moodle Moodle 2.8.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.6.5
Moodle Moodle 2.6.3
Moodle Moodle 2.7.0
NA
CVE-2015-0218
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote malicious users to hijack the authentication of arbitrary users for requests that ...
Moodle Moodle
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.6.0
Moodle Moodle 2.7.3
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.6
Moodle Moodle 2.6.4
Moodle Moodle 2.7.1
Moodle Moodle 2.8.0
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.5.0
Moodle Moodle 2.6.5
Moodle Moodle 2.6.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.0
NA
CVE-2015-0215
calendar/externallib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.6.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.8.0
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.0
Moodle Moodle 2.6.5
Moodle Moodle 2.7.2
Moodle Moodle 2.7.0
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.5.1
Moodle Moodle 2.6.6
Moodle Moodle 2.7.3
Moodle Moodle 2.7.1
NA
CVE-2015-3175
Multiple open redirect vulnerabilities in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page...
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.6.7
Moodle Moodle 2.6.6
Moodle Moodle 2.7.7
Moodle Moodle 2.7.6
Moodle Moodle 2.8.0
Moodle Moodle 2.8.1
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.8.4
Moodle Moodle 2.8.5
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.6.10
Moodle Moodle 2.6.9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »