Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.1.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-4309
Moodle 2.0.x prior to 2.0.5 and 2.1.x prior to 2.1.2 allows remote malicious users to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.
Moodle Moodle 2.0.2
Moodle Moodle 2.0.1
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
NA
CVE-2011-4298
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x prior to 2.0.5 and 2.1.x prior to 2.1.2 allow remote malicious users to hijack the authentication of arbitrary users for requests that modify wiki data.
Moodle Moodle 2.0.2
Moodle Moodle 2.0.1
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
NA
CVE-2011-4300
The file_browser component in Moodle 2.0.x prior to 2.0.5 and 2.1.x prior to 2.1.2 does not properly restrict access to category and course data, which allows remote malicious users to obtain potentially sensitive information via a request for a file.
Moodle Moodle 2.0.2
Moodle Moodle 2.0.1
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
NA
CVE-2011-4304
The chat functionality in Moodle 2.0.x prior to 2.0.5 and 2.1.x prior to 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.
Moodle Moodle 2.0.2
Moodle Moodle 2.0.1
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
NA
CVE-2011-4581
mod/wiki/pagelib.php in Moodle 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.
Moodle Moodle 2.0.2
Moodle Moodle 2.0.1
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.0.5
Moodle Moodle 2.0.0
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.0
NA
CVE-2011-4583
Moodle 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
Moodle Moodle 2.1.1
Moodle Moodle 2.1.0
Moodle Moodle 2.1.2
Moodle Moodle 2.0.4
Moodle Moodle 2.0.0
Moodle Moodle 2.0.1
Moodle Moodle 2.0.2
Moodle Moodle 2.0.3
Moodle Moodle 2.0.5
NA
CVE-2011-4590
The web services implementation in Moodle 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting...
Moodle Moodle 2.0.1
Moodle Moodle 2.0.2
Moodle Moodle 2.0.3
Moodle Moodle 2.0.4
Moodle Moodle 2.0.5
Moodle Moodle 2.0.0
Moodle Moodle 2.1.1
Moodle Moodle 2.1.0
Moodle Moodle 2.1.2
NA
CVE-2012-2353
Moodle 2.1.x prior to 2.1.6 and 2.2.x prior to 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
Moodle Moodle 2.1.0
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Moodle Moodle 2.1.3
Moodle Moodle 2.1.1
Moodle Moodle 2.2.0
Moodle Moodle 2.2.1
Moodle Moodle 2.2.2
NA
CVE-2012-2355
Moodle 2.1.x prior to 2.1.6 and 2.2.x prior to 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.3
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.1
Moodle Moodle 2.1.0
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
Moodle Moodle 2.2.2
NA
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x prior to 2.1.6 and 2.2.x prior to 2.2.3 does not use HTTPS, which allows remote malicious users to obtain credentials by sniffing the network.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.3
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »