Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.2 vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Moodle Moodle 3.10.0
1 Github repository
6.8
CVSSv2
CVE-2015-1493
Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.8, 2.7.x prior to 2.7.5, and 2.8.x prior to 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot)...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
6.8
CVSSv2
CVE-2015-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allow remote malicious users to hijack...
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle 2.8.0
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.6
Moodle Moodle 2.6.1
Moodle Moodle 2.7.3
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.7.2
3.5
CVSSv2
CVE-2015-3174
mod/quiz/db/access.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook...
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.8.3
Moodle Moodle 2.8.4
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.6.9
Moodle Moodle 2.6.8
Moodle Moodle 2.6.1
Moodle Moodle 2.6.0
Moodle Moodle 2.7.0
Moodle Moodle 2.8.0
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.6.7
Moodle Moodle 2.6.6
5.8
CVSSv2
CVE-2015-3175
Multiple open redirect vulnerabilities in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page...
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.6.7
Moodle Moodle 2.6.6
Moodle Moodle 2.7.7
Moodle Moodle 2.7.6
Moodle Moodle 2.8.0
Moodle Moodle 2.8.1
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.8.4
Moodle Moodle 2.8.5
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.6.10
Moodle Moodle 2.6.9
4.3
CVSSv2
CVE-2015-3176
The account-confirmation feature in login/confirm.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allows remote malicious users to obtain sensitive full-name information by attempting to self-register.
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.6.10
Moodle Moodle 2.6.9
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.8.2
Moodle Moodle 2.8.3
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
4
CVSSv2
CVE-2015-3180
lib/navigationlib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.11, 2.7.x prior to 2.7.8, and 2.8.x prior to 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment...
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.0
Moodle Moodle 2.6.10
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.8.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.7.6
Moodle Moodle 2.7.5
Moodle Moodle 2.8.1
Moodle Moodle 2.8.2
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
3.5
CVSSv2
CVE-2015-0212
Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.6.3
Moodle Moodle 2.6.1
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.2
Moodle Moodle 2.6.0
Moodle Moodle 2.8.0
6.8
CVSSv2
CVE-2015-0217
filter/mediaplugin/filter.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against ...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.7.0
Moodle Moodle 2.8.0
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.6
Moodle Moodle 2.7.3
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.5
Moodle Moodle 2.6.0
Moodle Moodle 2.7.2
4
CVSSv2
CVE-2015-0211
mod/lti/ajax.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows ...
Moodle Moodle 2.5.0
Moodle Moodle 2.6.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.3
Moodle Moodle 2.6.1
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.2
Moodle Moodle 2.6.0
Moodle Moodle 2.8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »