Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2012-1168
Moodle prior to 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
Moodle Moodle
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Redhat Enterprise Linux 6.0
8.1
CVSSv3
CVE-2018-1137
An issue exists in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
Moodle Moodle
8.1
CVSSv3
CVE-2018-1082
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.
Moodle Moodle
7.5
CVSSv3
CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and previous versions unsupported versions.
Moodle Moodle 4.2.0
Moodle Moodle
7.5
CVSSv3
CVE-2021-36396
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
Moodle Moodle
7.5
CVSSv3
CVE-2021-36395
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
Moodle Moodle
7.5
CVSSv3
CVE-2020-14322
In Moodle prior to 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
Moodle Moodle
Moodle Moodle 3.9.0
7.5
CVSSv3
CVE-2022-35650
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote malicious user to perform directory traversal attacks. The capability...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2022-28986
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote malicious users to update sensitive records such as email, password and phone number of other user accounts.
Lmsdoctor 2 Factor Authentication 2021072900
1 Github repository
7.5
CVSSv3
CVE-2021-32476
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and previous versions unsupported versions are affected.
Moodle Moodle
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »