Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-25630
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and previou...
Moodle Moodle
7.5
CVSSv3
CVE-2020-25698
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9...
Moodle Moodle
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-25699
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and previous versions unsupported versions. This...
Moodle Moodle
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2012-1170
Moodle prior to 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
Moodle Moodle
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
7.5
CVSSv3
CVE-2012-1155
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
Moodle Moodle
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Redhat Enterprise Linux 6.0
Debian Debian Linux 6.0
7.5
CVSSv3
CVE-2012-1156
Moodle prior to 2.2.2 has users' private files included in course backups
Moodle Moodle
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Redhat Enterprise Linux 6.0
7.5
CVSSv3
CVE-2019-10154
A flaw was found in Moodle prior to 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.
Moodle Moodle
7.5
CVSSv3
CVE-2019-6970
Moodle 3.5.x prior to 3.5.4 allows SSRF.
Moodle Moodle
7.5
CVSSv3
CVE-2016-7919
Moodle 3.1.2 allows remote malicious users to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this repo...
Moodle Moodle 3.1.2
7.5
CVSSv3
CVE-2015-5267
lib/moodlelib.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.10, 2.8.x prior to 2.8.8, and 2.9.x prior to 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote malicious users to...
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.8.5
Moodle Moodle 2.8.4
Moodle Moodle 2.7.6
Moodle Moodle 2.7.5
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.8.7
Moodle Moodle 2.8.6
Moodle Moodle 2.7.9
Moodle Moodle 2.7.8
Moodle Moodle 2.7.7
Moodle Moodle 2.7.0
Moodle Moodle
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »