Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.2 vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Moodle Moodle 3.10.0
1 Github repository
NA
CVE-2015-3174
mod/quiz/db/access.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.6.10
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.7.6
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.8.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
NA
CVE-2015-3175
Multiple open redirect vulnerabilities in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.6.10
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.7.6
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.8.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
NA
CVE-2015-3176
The account-confirmation feature in login/confirm.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allows remote malicious users to obtain sensitive full-name information by attempting to self-register.
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.6.10
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.7.6
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.8.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
NA
CVE-2015-3178
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.6.10
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.7.6
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.8.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
NA
CVE-2015-3179
login/confirm.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.6.10
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.7.6
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.8.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
NA
CVE-2015-3180
lib/navigationlib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.6.10
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.7.6
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.8.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
NA
CVE-2015-2266
message/index.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sen...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
NA
CVE-2015-2271
tag/user.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended ac...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.8.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
NA
CVE-2015-0218
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote malicious users to hijack the authentication of arbitrary users for requests that ...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.6
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
client side
CVE-2021-47601
deserialization
CVE-2024-34994
encryption
CVE-2021-47609
CVE-2024-37079
CVE-2024-38608
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »