Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.4.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-6104
blog/rsslib.php in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allows remote malicious users to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed.
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6098
grade/edit/outcome/edit_form.php in Moodle 1.9.x up to and including 1.9.19, 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated use...
Moodle Moodle 1.9.4
Moodle Moodle 1.9.17
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 1.9.11
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.18
Moodle Moodle 1.9.10
Moodle Moodle 1.9.16
Moodle Moodle 1.9.3
Moodle Moodle 1.9.13
Moodle Moodle 1.9.5
Moodle Moodle 1.9.14
Moodle Moodle 1.9.15
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 2.1.2
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
NA
CVE-2012-6101
Multiple open redirect vulnerabilities in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comm...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6105
blog/rsslib.php in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote malicious users to obtain sensitive information by reading this feed.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6106
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x prior to 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar objec...
Moodle Moodle 2.4.0
NA
CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon prior to 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 and other products, does not properly handle control charact...
Tinymce Spellchecker Php 2.0
Tinymce Spellchecker Php 2.0.1
Tinymce Spellchecker Php 2.0.2
Tinymce Spellchecker Php 2.0.3
Tinymce Spellchecker Php 2.0.6
Moodle Moodle 2.1.2
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
NA
CVE-2012-6099
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveragi...
Moodle Moodle 2.1.2
Moodle Moodle 2.1.8
Moodle Moodle 2.1.9
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6102
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x prior to 2.3.4 and 2.4.x prior to 2.4.1 allows remote malicious users to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2012-6103
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 allow remote malicious users to hijack the authentication of arbitrary users for requests th...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.6
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.5
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.3
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
Moodle Moodle 2.4.0
NA
CVE-2008-4810
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote malicious users to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a doub...
Smarty Smarty 1.4.3
Smarty Smarty 1.0
Smarty Smarty 1.0b
Smarty Smarty 2.3.1
Smarty Smarty 2.6.0
Smarty Smarty 1.4.0
Smarty Smarty 1.4.5
Smarty Smarty 2.6.1
Smarty Smarty 2.6.7
Smarty Smarty 2.3.0
Smarty Smarty 1.0a
Smarty Smarty 1.1.0
Smarty Smarty 2.6.15
Smarty Smarty 2.6.3
Smarty Smarty 2.6.14
Smarty Smarty 2.5.0
Smarty Smarty 1.2.1
Smarty Smarty 2.6.17
Smarty Smarty 2.6.11
Smarty Smarty 1.3.0
Smarty Smarty 1.4.1
Smarty Smarty 2.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »