Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 1.9.2 vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2009-4305
SQL injection vulnerability in the SCORM module in Moodle 1.8 prior to 1.8.11 and 1.9 prior to 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."
Moodle Moodle 1.8.2
Moodle Moodle 1.8.3
Moodle Moodle 1.8.4
Moodle Moodle 1.8.5
Moodle Moodle 1.8.7
Moodle Moodle 1.8.1
Moodle Moodle 1.8.9
Moodle Moodle 1.9.5
Moodle Moodle 1.9.1
Moodle Moodle 1.9.2
Moodle Moodle 1.9.3
Moodle Moodle 1.9.4
Moodle Moodle 1.8.8
Moodle Moodle 1.8.10
Moodle Moodle 1.9.6
570
VMScore
CVE-2009-0499
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 prior to 1.7.7, 1.8 prior to 1.8.8, and 1.9 prior to 1.9.4 allows remote malicious users to delete unauthorized forum posts via a link or IMG tag to post.php.
Moodle Moodle 1.7.5
Moodle Moodle 1.7.6
Moodle Moodle 1.8.5
Moodle Moodle 1.9.2
Moodle Moodle 1.9.1
Moodle Moodle 1.7.3
Moodle Moodle 1.7.4
Moodle Moodle 1.8.4
Moodle Moodle 1.8.6
Moodle Moodle 1.7.1
Moodle Moodle 1.7.2
Moodle Moodle 1.8.2
Moodle Moodle 1.8.3
Moodle Moodle 1.9.3
Moodle Moodle 1.8.1
Moodle Moodle 1.8.7
578
VMScore
CVE-2012-2363
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x prior to 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.
Moodle Moodle 1.9.6
Moodle Moodle 1.9.5
Moodle Moodle 1.9.12
Moodle Moodle 1.9.13
Moodle Moodle 1.9.14
Moodle Moodle 1.9.7
Moodle Moodle 1.9.4
Moodle Moodle 1.9.10
Moodle Moodle 1.9.17
Moodle Moodle 1.9.11
Moodle Moodle 1.9.2
Moodle Moodle 1.9.1
Moodle Moodle 1.9.3
Moodle Moodle 1.9.16
Moodle Moodle 1.9.15
Moodle Moodle 1.9.8
Moodle Moodle 1.9.9
516
VMScore
CVE-2011-4294
The error-message functionality in Moodle 1.9.x prior to 1.9.13, 2.0.x prior to 2.0.4, and 2.1.x prior to 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow malicious users to trick users into visiting ar...
Moodle Moodle 2.0.2
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 2.0.1
Moodle Moodle 1.9.11
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.10
Moodle Moodle 2.0.3
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
231
VMScore
CVE-2012-2362
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x prior to 1.9.18, when Internet Explorer is used, allows remote malicious users to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.
Moodle Moodle 1.9.4
Moodle Moodle 1.9.17
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 1.9.11
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.10
Moodle Moodle 1.9.16
Moodle Moodle 1.9.3
Moodle Moodle 1.9.13
Moodle Moodle 1.9.5
Moodle Moodle 1.9.14
Moodle Moodle 1.9.15
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
605
VMScore
CVE-2010-1613
Moodle 1.8.x and 1.9.x prior to 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote malicious users to conduct session fixation attacks.
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.8.11
Moodle Moodle 1.9.4
Moodle Moodle 1.8.4
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
Moodle Moodle 1.8.8
Moodle Moodle 1.8.2
Moodle Moodle 1.8.1
Moodle Moodle 1.9.1
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.3
Moodle Moodle 1.8.10
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
383
VMScore
CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspe...
Moodle Moodle 1.8.8
Moodle Moodle 1.8.2
Moodle Moodle 1.8.1
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.3
Moodle Moodle 1.8.10
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.8.11
Moodle Moodle 1.9.4
Moodle Moodle 1.8.4
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
Moodle Moodle 1.9.1
668
VMScore
CVE-2010-1615
Multiple SQL injection vulnerabilities in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation ...
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.8.11
Moodle Moodle 1.9.4
Moodle Moodle 1.9.3
Moodle Moodle 1.8.4
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
Moodle Moodle 1.8.8
Moodle Moodle 1.8.2
Moodle Moodle 1.8.1
Moodle Moodle 1.9.1
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.3
Moodle Moodle 1.8.10
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
356
VMScore
CVE-2010-1616
Moodle 1.8.x and 1.9.x prior to 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.9.4
Moodle Moodle 1.9.3
Moodle Moodle 1.8.8
Moodle Moodle 1.8.2
Moodle Moodle 1.8.1
Moodle Moodle 1.8.3
Moodle Moodle 1.9.1
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.10
Moodle Moodle 1.8.11
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
Moodle Moodle 1.8.4
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
356
VMScore
CVE-2010-1617
user/view.php in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.
Moodle Moodle 1.8.8
Moodle Moodle 1.8.1
Moodle Moodle 1.8.3
Moodle Moodle 1.9.1
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.9.4
Moodle Moodle 1.9.3
Moodle Moodle 1.8.4
Moodle Moodle 1.8.2
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.10
Moodle Moodle 1.8.11
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »