Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.0 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-3547
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via an external badge.
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.5.6
Moodle Moodle 2.6.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
383
VMScore
CVE-2014-3542
mod/lti/service.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity referen...
Moodle Moodle 2.7.0
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.3.0
Moodle Moodle 2.3.10
Moodle Moodle 2.3.7
Moodle Moodle 2.3.9
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.1
Moodle Moodle
Moodle Moodle 2.3.6
Moodle Moodle 2.3.8
Moodle Moodle 2.4.4
Moodle Moodle 2.4.6
Moodle Moodle 2.4.7
Moodle Moodle 2.4.8
Moodle Moodle 2.4.9
445
VMScore
CVE-2014-3546
Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote malicious users to obtain potentially ...
Moodle Moodle 2.6.3
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.9
Moodle Moodle 2.3.1
Moodle Moodle 2.3.6
Moodle Moodle 2.3.8
Moodle Moodle 2.3.0
Moodle Moodle 2.3.10
Moodle Moodle 2.3.5
Moodle Moodle 2.3.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.5
Moodle Moodle 2.5.2
312
VMScore
CVE-2014-3551
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote authenticated users to inject arbitrary web sc...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.5.5
Moodle Moodle 2.3.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.3.0
Moodle Moodle 2.3.5
Moodle Moodle 2.3.7
Moodle Moodle 2.7.0
Moodle Moodle 2.6.3
Moodle Moodle 2.6.1
1 Github repository
436
VMScore
CVE-2014-3553
mod/forum/classes/post_form.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, w...
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.3
Moodle Moodle 2.5.4
Moodle Moodle 2.5.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.6
Moodle Moodle 2.7.0
Moodle Moodle 2.3.7
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.3
Moodle Moodle 2.3.5
Moodle Moodle 2.3.2
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
668
VMScore
CVE-2014-3541
The Repositories component in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary code via serialized data associ...
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.8
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.4
Moodle Moodle 2.4.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.2
Moodle Moodle 2.5.4
Moodle Moodle 2.5.5
Moodle Moodle 2.5.6
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.7.0
Moodle Moodle 2.3.0
Moodle Moodle 2.3.10
Moodle Moodle 2.3.7
355
VMScore
CVE-2014-3544
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID...
Moodle Moodle 2.4.4
Moodle Moodle 2.4.5
Moodle Moodle 2.4.6
Moodle Moodle 2.4.7
Moodle Moodle 2.4.10
Moodle Moodle 2.4.1
Moodle Moodle 2.4.3
Moodle Moodle 2.4.8
Moodle Moodle 2.4.0
Moodle Moodle 2.4.2
Moodle Moodle 2.4.9
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.3.0
Moodle Moodle 2.3.3
1 EDB exploit
1 Github repository
534
VMScore
CVE-2014-3545
Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
Moodle Moodle 2.7.0
Moodle Moodle 2.4.10
Moodle Moodle 2.4.1
Moodle Moodle 2.4.8
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.4.5
Moodle Moodle 2.4.6
Moodle Moodle 2.4.0
Moodle Moodle 2.4.2
Moodle Moodle 2.4.7
Moodle Moodle 2.4.9
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.3.8
Moodle Moodle 2.3.9
Moodle Moodle 2.3.0
383
VMScore
CVE-2014-3548
Multiple cross-site scripting (XSS) vulnerabilities in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via vectors that trigger an AJ...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
Moodle Moodle 2.5.2
Moodle Moodle 2.4.8
Moodle Moodle 2.4.9
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.3.10
Moodle Moodle
Moodle Moodle 2.3.2
Moodle Moodle 2.3.3
Moodle Moodle 2.4.10
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.3.1
Moodle Moodle 2.3.4
Moodle Moodle 2.3.6
Moodle Moodle 2.5.4
Moodle Moodle 2.7.0
534
VMScore
CVE-2014-3552
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, and 2.5.x prior to 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin inte...
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.6
Moodle Moodle 2.4.8
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.3.7
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.10
Moodle Moodle 2.3.2
Moodle Moodle 2.3.9
Moodle Moodle
Moodle Moodle 2.3.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »