moodle moodle vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-30600
A flaw was found in Moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
9.8
CVSSv3
CVE-2022-0332
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
Moodle Moodle
1 Github repository
9.8
CVSSv3
CVE-2021-3943
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.
Moodle Moodle
9.8
CVSSv3
CVE-2019-15536
The Acclaim block plugin prior to 2019-06-26 for Moodle allows SQL Injection via delete_records.
Youracclaim Acclaim
9.8
CVSSv3
CVE-2017-2641
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
Moodle Moodle 2.7.6
Moodle Moodle 2.7.7
Moodle Moodle 2.7.8
Moodle Moodle 2.7.15
Moodle Moodle 2.7.16
Moodle Moodle 3.0.1
Moodle Moodle 3.0.2
Moodle Moodle 3.0.0
Moodle Moodle 3.2.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.9
Moodle Moodle 2.7.10
Moodle Moodle 2.7.17
Moodle Moodle 2.7.18
Moodle Moodle 3.0.3
Moodle Moodle 3.0.4
Moodle Moodle 3.1.0
Moodle Moodle 3.1.4
Moodle Moodle 2.7.2
Moodle Moodle 2.7.3
Moodle Moodle 2.7.11
Moodle Moodle 2.7.12
1 EDB exploit
9.1
CVSSv3
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An at...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 37
9.1
CVSSv3
CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability.
Moodle Moodle 3.10.0
1 Github repository
9.1
CVSSv3
CVE-2019-14880
A vulnerability was found in Moodle versions 3.7 prior to 3.7.3, 3.6 prior to 3.6.7, 3.5 prior to 3.5.9 and previous versions. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compro...
Moodle Moodle
8.8
CVSSv3
CVE-2023-5540
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
Moodle Moodle
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2023-5539
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
Moodle Moodle
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 38