Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv2
CVE-2015-5332
Atto in Moodle 2.8.x prior to 2.8.9 and 2.9.x prior to 2.9.3 allows remote malicious users to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.8
Moodle Moodle 2.8.6
Moodle Moodle 2.8.4
Moodle Moodle 2.8.7
Moodle Moodle 2.8.5
6.9
CVSSv2
CVE-2008-5153
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
Moodle Moodle 1.8.2
6.8
CVSSv2
CVE-2022-0335
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and previous versions unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
Moodle Moodle
6.8
CVSSv2
CVE-2021-43559
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and previous versions unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Extra Packages For Enterprise Linux 7.0
6.8
CVSSv2
CVE-2019-10186
A flaw was found in moodle prior to 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Moodle Moodle
6.8
CVSSv2
CVE-2018-16854
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and previous versions. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
Moodle Moodle
1 Github repository
6.8
CVSSv2
CVE-2018-1082
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.
Moodle Moodle
6.8
CVSSv2
CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 up to and including 3.0.3, 2.9 up to and including 2.9.5, 2.8 up to and including 2.8.11, 2.7 up to and including 2.7.13 and previous versions allows remote malicious users to hijack the authentication...
Moodle Moodle 2.7.7
Moodle Moodle 2.7.8
Moodle Moodle 2.7.9
Moodle Moodle 2.7.10
Moodle Moodle 2.7.11
Moodle Moodle 2.8.0
Moodle Moodle 2.8.1
Moodle Moodle 2.9.0
Moodle Moodle 2.9.1
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.8.4
Moodle Moodle 2.8.5
Moodle Moodle 2.8.6
Moodle Moodle 2.8.7
Moodle Moodle 3.0.0
Moodle Moodle 2.7.4
Moodle Moodle 2.7.6
Moodle Moodle 2.7.13
Moodle Moodle 2.8.3
Moodle Moodle 2.8.8
6.8
CVSSv2
CVE-2016-2157
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.13, 2.8.x prior to 2.8.11, 2.9.x prior to 2.9.5, and 3.0.x prior to 3.0.3 allows remote malicious users to hijack the authentication of ad...
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.4
Moodle Moodle 2.8.3
Moodle Moodle 3.0.0
Moodle Moodle 2.9.4
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 2.7.12
Moodle Moodle 2.7.9
Moodle Moodle 2.7.2
Moodle Moodle 2.7.11
Moodle Moodle 2.7.6
Moodle Moodle 2.7.5
Moodle Moodle 2.7.0
Moodle Moodle
Moodle Moodle 3.0.2
Moodle Moodle 3.0.1
Moodle Moodle 2.8.10
Moodle Moodle 2.8.9
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
6.8
CVSSv2
CVE-2015-5338
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allow remote malicious users to hijack the authentication of arbitrary users for requests to...
Moodle Moodle 2.7.9
Moodle Moodle 2.7.8
Moodle Moodle 2.7.7
Moodle Moodle 2.7.6
Moodle Moodle 2.8.7
Moodle Moodle 2.8.6
Moodle Moodle 2.8.5
Moodle Moodle 2.8.4
Moodle Moodle 2.7.10
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle
Moodle Moodle 2.9.1
Moodle Moodle 2.8.8
Moodle Moodle 2.8.3
Moodle Moodle 2.8.1
Moodle Moodle 2.7.4
Moodle Moodle 2.7.2
Moodle Moodle 2.9.2
Moodle Moodle 2.9.0
Moodle Moodle 2.8.2
Moodle Moodle 2.8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »