Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.7 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-3547
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via an external badge.
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.5.6
Moodle Moodle 2.6.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
4.3
CVSSv2
CVE-2014-3542
mod/lti/service.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity referen...
Moodle Moodle 2.7.0
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.3.0
Moodle Moodle 2.3.10
Moodle Moodle 2.3.7
Moodle Moodle 2.3.9
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.1
Moodle Moodle
Moodle Moodle 2.3.6
Moodle Moodle 2.3.8
Moodle Moodle 2.4.4
Moodle Moodle 2.4.6
Moodle Moodle 2.4.7
Moodle Moodle 2.4.8
Moodle Moodle 2.4.9
5
CVSSv2
CVE-2014-3546
Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote malicious users to obtain potentially ...
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.9
Moodle Moodle 2.3.1
Moodle Moodle 2.3.6
Moodle Moodle 2.3.8
Moodle Moodle 2.3.0
Moodle Moodle 2.3.10
Moodle Moodle 2.3.5
Moodle Moodle 2.3.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.5
Moodle Moodle 2.5.2
3.5
CVSSv2
CVE-2014-3551
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote authenticated users to inject arbitrary web sc...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.5.5
Moodle Moodle 2.3.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.0
Moodle Moodle 2.3.5
Moodle Moodle 2.3.7
Moodle Moodle 2.7.0
Moodle Moodle 2.6.3
Moodle Moodle 2.6.1
1 Github repository
4.9
CVSSv2
CVE-2014-3553
mod/forum/classes/post_form.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, w...
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.5.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.6
Moodle Moodle 2.7.0
Moodle Moodle 2.3.7
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.3
Moodle Moodle 2.3.5
Moodle Moodle 2.3.2
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
7.5
CVSSv2
CVE-2014-3541
The Repositories component in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary code via serialized data associ...
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.8
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.4
Moodle Moodle 2.4.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.2
Moodle Moodle 2.5.4
Moodle Moodle 2.5.5
Moodle Moodle 2.5.6
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.7.0
Moodle Moodle 2.3.0
Moodle Moodle 2.3.10
Moodle Moodle 2.3.7
3.5
CVSSv2
CVE-2014-3544
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID...
Moodle Moodle 2.4.4
Moodle Moodle 2.4.5
Moodle Moodle 2.4.6
Moodle Moodle 2.4.7
Moodle Moodle 2.4.10
Moodle Moodle 2.4.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.8
Moodle Moodle 2.4.0
Moodle Moodle 2.4.2
Moodle Moodle 2.4.9
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.3.0
Moodle Moodle 2.3.3
1 EDB exploit
1 Github repository
6
CVSSv2
CVE-2014-3545
Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
Moodle Moodle 2.7.0
Moodle Moodle 2.4.10
Moodle Moodle 2.4.1
Moodle Moodle 2.4.8
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.4.5
Moodle Moodle 2.4.6
Moodle Moodle 2.4.0
Moodle Moodle 2.4.2
Moodle Moodle 2.4.7
Moodle Moodle 2.4.9
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.0
4.3
CVSSv2
CVE-2014-3548
Multiple cross-site scripting (XSS) vulnerabilities in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via vectors that trigger an AJ...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.4.8
Moodle Moodle 2.4.9
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.4.10
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.3.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.5.4
Moodle Moodle 2.7.0
6
CVSSv2
CVE-2014-3552
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, and 2.5.x prior to 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin inte...
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.6
Moodle Moodle 2.4.8
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.3.7
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle 2.3.2
Moodle Moodle 2.3.9
Moodle Moodle
Moodle Moodle 2.3.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5