Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.5 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-3547
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via an external badge.
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.5.6
Moodle Moodle 2.6.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
7.5
CVSSv2
CVE-2014-7845
The generate_password function in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote malicious users to obtain access via a brute-force a...
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
5
CVSSv2
CVE-2014-7847
iplookup/index.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allows remote malicious users to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.0
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.7.0
Moodle Moodle 2.7.2
4
CVSSv2
CVE-2014-7831
lib/classes/grades_external.php in Moodle 2.7.x prior to 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades...
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.2
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.8
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
4
CVSSv2
CVE-2014-7832
mod/lti/launch.php in the LTI module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod...
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.2
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
4
CVSSv2
CVE-2014-7833
mod/data/edit.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the data...
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.5.0
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
4
CVSSv2
CVE-2014-7834
mod/forum/externallib.php in Moodle 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.3
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
2.1
CVSSv2
CVE-2014-7835
webservice/upload.php in Moodle 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) atta...
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.5.6
Moodle Moodle 2.5.4
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.6.3
Moodle Moodle 2.7.2
6.8
CVSSv2
CVE-2014-7836
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allow remote malicious users to hijack the authentication of arbitrary users for a (1) mod/lti/r...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.0
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.7.0
Moodle Moodle 2.7.2
5.5
CVSSv2
CVE-2014-7837
mod/wiki/admin.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.6.3
Moodle Moodle 2.6.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.2
Moodle Moodle 2.6.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »