Vulmon
moodle moodle vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
8.8
CVSSv3
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Moodle Moodle 4.1.0
Moodle Moodle 4.1.1
8.8
CVSSv3
CVE-2022-2986
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
Moodle Moodle
8.8
CVSSv3
CVE-2020-14321
In Moodle prior to 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
Moodle Moodle
Moodle Moodle 3.9.0
4 Github repositories
8.8
CVSSv3
CVE-2022-0983
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
8.8
CVSSv3
CVE-2022-0335
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and previous unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
Moodle Moodle
8.8
CVSSv3
CVE-2021-43559
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and previous unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Extra Packages For Enterprise Linux 7.0
8.8
CVSSv3
CVE-2020-25629
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, ...
Moodle Moodle
8.8
CVSSv3
CVE-2020-10738
A flaw was found in Moodle versions 3.8 prior to 3.8.3, 3.7 prior to 3.7.6, 3.6 prior to 3.6.10, 3.5 prior to 3.5.12 and previous unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via we...
Moodle Moodle
8.8
CVSSv3
CVE-2019-10186
A flaw was found in Moodle prior to 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Moodle Moodle