Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Moodle Moodle 3.10.0
1 Github repository
7.8
CVSSv2
CVE-2007-1647
Moodle 1.5.2 and previous versions stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote malicious users to obtain user names, password hashes, and other sensitive information via a direct request fo...
Moodle Moodle
1 EDB exploit
7.5
CVSSv2
CVE-2022-30599
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.5
CVSSv2
CVE-2022-30600
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
7.5
CVSSv2
CVE-2022-0332
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
Moodle Moodle
1 Github repository
7.5
CVSSv2
CVE-2021-3943
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and previous versions unsupported versions. A remote code execution risk when restoring backup files was identified.
Moodle Moodle
7.5
CVSSv2
CVE-2019-15536
The Acclaim block plugin prior to 2019-06-26 for Moodle allows SQL Injection via delete_records.
Youracclaim Acclaim
7.5
CVSSv2
CVE-2019-3809
A flaw was found in Moodle versions 3.1 to 3.1.15 and previous versions unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via r...
Moodle Moodle
7.5
CVSSv2
CVE-2018-10891
A flaw was found in moodle prior to 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
Moodle Moodle
7.5
CVSSv2
CVE-2017-2641
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
Moodle Moodle 2.7.6
Moodle Moodle 2.7.7
Moodle Moodle 2.7.8
Moodle Moodle 2.7.15
Moodle Moodle 2.7.16
Moodle Moodle 3.0.1
Moodle Moodle 3.0.2
Moodle Moodle 3.0.0
Moodle Moodle 3.2.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.9
Moodle Moodle 2.7.10
Moodle Moodle 2.7.17
Moodle Moodle 2.7.18
Moodle Moodle 3.0.3
Moodle Moodle 3.0.4
Moodle Moodle 3.1.0
Moodle Moodle 3.1.4
Moodle Moodle 2.7.2
Moodle Moodle 2.7.3
Moodle Moodle 2.7.11
Moodle Moodle 2.7.12
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »