Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-46858
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content...
Moodle Moodle 4.3.0
6.1
CVSSv3
CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
Moodle Moodle 4.2.0
Moodle Moodle
6.3
CVSSv3
CVE-2023-35132
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and previous versions unsupported versions.
Moodle Moodle 4.2.0
Moodle Moodle
7.5
CVSSv3
CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and previous versions unsupported versions.
Moodle Moodle 4.2.0
Moodle Moodle
5.4
CVSSv3
CVE-2021-27131
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an malicious user to ste...
Moodle Moodle 3.10.1
5.3
CVSSv3
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
Moodle Moodle
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
3 Github repositories
7.3
CVSSv3
CVE-2023-30944
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the applica...
Moodle Moodle
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.3
CVSSv3
CVE-2022-40208
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 3.11.0
Moodle Moodle
4.3
CVSSv3
CVE-2023-1402
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
8.8
CVSSv3
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »