Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.7.6 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2015-5272
The Forum module in Moodle 2.7.x prior to 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
Moodle Moodle 2.7.1
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.7.0
Moodle Moodle 2.7.8
Moodle Moodle 2.7.7
4.3
CVSSv3
CVE-2015-5335
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allows remote malicious users to hijack the authentication of administrators for requests...
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
4.3
CVSSv3
CVE-2015-5339
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users ...
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
4.3
CVSSv3
CVE-2015-5340
Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/ove...
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
4.3
CVSSv3
CVE-2015-5342
The choice module in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
NA
CVE-2015-2268
filter/urltolink/filter.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
NA
CVE-2015-2269
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) t...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
1 EDB exploit
NA
CVE-2015-2271
tag/user.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended ac...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
NA
CVE-2015-2272
login/token.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
NA
CVE-2015-2273
Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML ...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »