Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.2.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-0797
The webservices functionality in Moodle 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.
Moodle Moodle
Moodle Moodle 2.2.0
NA
CVE-2012-3388
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x prior to 2.2.4 and 2.3.x prior to 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger cach...
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
Moodle Moodle 2.2.3
Moodle Moodle 2.3.0
Moodle Moodle 2.2.2
NA
CVE-2012-3389
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x prior to 2.2.4 and 2.3.x prior to 2.3.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
Moodle Moodle 2.3.0
NA
CVE-2012-0801
lib/formslib.php in Moodle 2.1.x prior to 2.1.4 and 2.2.x prior to 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.2.0
NA
CVE-2012-0798
The self-enrolment functionality in Moodle 2.1.x prior to 2.1.4 and 2.2.x prior to 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.
Moodle Moodle 2.1.0
Moodle Moodle 2.1.2
Moodle Moodle 2.2.0
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
NA
CVE-2012-4400
repository/repository_ajax.php in Moodle 2.2.x prior to 2.2.5 and 2.3.x prior to 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.
Moodle Moodle 2.2.2
Moodle Moodle 2.2.0
Moodle Moodle 2.2.1
Moodle Moodle 2.2.4
Moodle Moodle 2.2.3
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
NA
CVE-2012-4401
Moodle 2.2.x prior to 2.2.5 and 2.3.x prior to 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.2.1
Moodle Moodle 2.2.2
Moodle Moodle 2.2.3
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
NA
CVE-2012-2354
Moodle 2.1.x prior to 2.1.6 and 2.2.x prior to 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.3
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
NA
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x prior to 2.1.6 and 2.2.x prior to 2.2.3 does not use HTTPS, which allows remote malicious users to obtain credentials by sniffing the network.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.3
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
NA
CVE-2012-2353
Moodle 2.1.x prior to 2.1.6 and 2.2.x prior to 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
Moodle Moodle 2.1.0
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Moodle Moodle 2.1.3
Moodle Moodle 2.1.1
Moodle Moodle 2.2.0
Moodle Moodle 2.2.1
Moodle Moodle 2.2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »