Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.7.2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2015-5272
The Forum module in Moodle 2.7.x prior to 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
Moodle Moodle 2.7.1
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.7.0
Moodle Moodle 2.7.8
Moodle Moodle 2.7.7
4.3
CVSSv3
CVE-2015-5335
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allows remote malicious users to hijack the authentication of administrators for requests...
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
4.3
CVSSv3
CVE-2015-5339
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users ...
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
4.3
CVSSv3
CVE-2015-5340
Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/ove...
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
4.3
CVSSv3
CVE-2015-5342
The choice module in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
NA
CVE-2015-0211
mod/lti/ajax.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows ...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.6
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.8.0
NA
CVE-2015-0214
message/externallib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.6
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.8.0
NA
CVE-2015-0215
calendar/externallib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.6
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.8.0
NA
CVE-2015-2268
filter/urltolink/filter.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
NA
CVE-2015-2269
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) t...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »