Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2004-2232
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and previous versions allows remote malicious users to modify SQL statements.
Moodle Moodle 1.2.1
Moodle Moodle 1.3.3
Moodle Moodle 1.3.2
Moodle Moodle 1.1.1
Moodle Moodle 1.3.1
Moodle Moodle 1.4.1
Moodle Moodle 1.3.4
Moodle Moodle 1.2.0
Moodle Moodle 1.3.0
668
VMScore
CVE-2004-2234
Unknown vulnerability in Moodle prior to 1.2 allows teachers to log in as administrators.
656
VMScore
CVE-2018-1133
An issue exists in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
Moodle Moodle
1 EDB exploit
4 Github repositories
632
VMScore
CVE-2015-5332
Atto in Moodle 2.8.x prior to 2.8.9 and 2.9.x prior to 2.9.3 allows remote malicious users to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.8
Moodle Moodle 2.8.6
Moodle Moodle 2.8.4
Moodle Moodle 2.8.7
Moodle Moodle 2.8.5
614
VMScore
CVE-2008-5153
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
Moodle Moodle 1.8.2
605
VMScore
CVE-2022-0335
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and previous versions unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
Moodle Moodle
605
VMScore
CVE-2021-43559
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and previous versions unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Extra Packages For Enterprise Linux 7.0
605
VMScore
CVE-2019-10186
A flaw was found in moodle prior to 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Moodle Moodle
605
VMScore
CVE-2018-16854
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and previous versions. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
Moodle Moodle
1 Github repository
605
VMScore
CVE-2018-1082
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.
Moodle Moodle
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »