Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.3.0 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2012-5481
Moodle 2.3.x prior to 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page.
Moodle Moodle 2.3.1
Moodle Moodle 2.3.2
Moodle Moodle 2.3.0
4
CVSSv2
CVE-2012-4401
Moodle 2.2.x prior to 2.2.5 and 2.3.x prior to 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
5.5
CVSSv2
CVE-2012-4408
course/reset.php in Moodle 2.1.x prior to 2.1.8, 2.2.x prior to 2.2.5, and 2.3.x prior to 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
4.9
CVSSv2
CVE-2012-4402
webservice/lib.php in Moodle 2.1.x prior to 2.1.8, 2.2.x prior to 2.2.5, and 2.3.x prior to 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one servic...
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
4
CVSSv2
CVE-2012-4400
repository/repository_ajax.php in Moodle 2.2.x prior to 2.2.5 and 2.3.x prior to 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
5
CVSSv2
CVE-2012-4403
theme/yui_combo.php in Moodle 2.3.x prior to 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote malicious users to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
5
CVSSv2
CVE-2012-4407
lib/filelib.php in Moodle 2.1.x prior to 2.1.8, 2.2.x prior to 2.2.5, and 2.3.x prior to 2.3.2 does not properly check the publication state of blog files, which allows remote malicious users to obtain sensitive information by reading a blog entry that references a non-public fil...
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.1.7
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
4
CVSSv2
CVE-2012-3388
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x prior to 2.2.4 and 2.3.x prior to 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger cach...
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.2.0
Moodle Moodle 2.3.0
3.5
CVSSv2
CVE-2012-3396
Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x prior to 2.0.10, 2.1.x prior to 2.1.7, 2.2.x prior to 2.2.4, and 2.3.x prior to 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: t...
Moodle Moodle 2.0.2
Moodle Moodle 2.2.2
Moodle Moodle 2.0.1
Moodle Moodle 2.1.2
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.0.6
Moodle Moodle 2.0.5
Moodle Moodle 2.1.3
Moodle Moodle 2.0.9
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.0.8
Moodle Moodle 2.0.7
Moodle Moodle 2.1.4
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
Moodle Moodle 2.2.0
Moodle Moodle 2.3.0
4
CVSSv2
CVE-2012-3397
lib/modinfolib.php in Moodle 2.0.x prior to 2.0.10, 2.1.x prior to 2.1.7, 2.2.x prior to 2.2.4, and 2.3.x prior to 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to byp...
Moodle Moodle 2.0.2
Moodle Moodle 2.2.2
Moodle Moodle 2.0.1
Moodle Moodle 2.1.2
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.0.6
Moodle Moodle 2.0.5
Moodle Moodle 2.1.3
Moodle Moodle 2.0.9
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.0.8
Moodle Moodle 2.0.7
Moodle Moodle 2.1.4
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
Moodle Moodle 2.2.0
Moodle Moodle 2.3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »