Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-28330
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
6.5
CVSSv3
CVE-2020-36633
A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to ...
Moodle-block Sitenews Project Moodle-block Sitenews
6.5
CVSSv3
CVE-2021-40693
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
Moodle Moodle
6.5
CVSSv3
CVE-2022-28601
A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote malicious users to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification m...
Lmsdoctor 2 Factor Authentication -
1 Github repository
6.5
CVSSv3
CVE-2020-25700
In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and previous versions unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, ...
Moodle Moodle
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6.5
CVSSv3
CVE-2020-1692
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
Moodle Moodle
6.5
CVSSv3
CVE-2018-1134
An issue exists in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
Moodle Moodle
6.5
CVSSv3
CVE-2018-1135
An issue exists in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
Moodle Moodle
6.5
CVSSv3
CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker.
Moodle Moodle 3.2.2
Moodle Moodle 3.2.4
Moodle Moodle 3.4.0
Moodle Moodle 3.2.6
Moodle Moodle 3.3.0
Moodle Moodle 3.3.1
Moodle Moodle 3.3.2
Moodle Moodle
Moodle Moodle 3.2.0
Moodle Moodle 3.2.1
Moodle Moodle 3.2.3
Moodle Moodle 3.2.5
Moodle Moodle 3.3.3
1 EDB exploit
1 Github repository
6.5
CVSSv3
CVE-2018-1043
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
Moodle Moodle 3.2.6
Moodle Moodle 3.3.1
Moodle Moodle 3.3.2
Moodle Moodle 3.3.3
Moodle Moodle 3.4.0
Moodle Moodle 3.2.1
Moodle Moodle 3.2.2
Moodle Moodle 3.2.3
Moodle Moodle 3.2.4
Moodle Moodle 3.2.0
Moodle Moodle 3.2.5
Moodle Moodle 3.3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »