Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-32476
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and previous versions unsupported versions are affected.
Moodle Moodle
7.5
CVSSv3
CVE-2020-25630
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and previou...
Moodle Moodle
7.5
CVSSv3
CVE-2020-25698
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9...
Moodle Moodle
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-25699
In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and previous versions unsupported versions. This...
Moodle Moodle
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2012-1170
Moodle prior to 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
Moodle Moodle
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
7.5
CVSSv3
CVE-2012-1155
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
Moodle Moodle
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Redhat Enterprise Linux 6.0
Debian Debian Linux 6.0
7.5
CVSSv3
CVE-2012-1156
Moodle prior to 2.2.2 has users' private files included in course backups
Moodle Moodle
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Fedoraproject Fedora 17
Redhat Enterprise Linux 6.0
7.5
CVSSv3
CVE-2019-10154
A flaw was found in Moodle prior to 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.
Moodle Moodle
7.5
CVSSv3
CVE-2019-6970
Moodle 3.5.x prior to 3.5.4 allows SSRF.
Moodle Moodle
7.5
CVSSv3
CVE-2016-7919
Moodle 3.1.2 allows remote malicious users to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this repo...
Moodle Moodle 3.1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »