Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.7.1 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2015-5272
The Forum module in Moodle 2.7.x prior to 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
Moodle Moodle 2.7.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.7.8
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
5
CVSSv2
CVE-2014-7847
iplookup/index.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allows remote malicious users to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.0
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.7.0
Moodle Moodle 2.7.2
5
CVSSv2
CVE-2014-7848
lib/phpunit/bootstrap.php in Moodle 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3 allows remote malicious users to obtain sensitive information via a direct request, which reveals the full path in an error message.
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.5.5
Moodle Moodle 2.5.3
Moodle Moodle 2.6.3
Moodle Moodle 2.6.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.2
Moodle Moodle 2.6.4
4.3
CVSSv2
CVE-2014-9059
lib/setup.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not provide charset information in HTTP headers, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via UTF-7 characte...
Moodle Moodle
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.5.0
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
5
CVSSv2
CVE-2014-9060
The LTI module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote malicious users to trigger the generation of arbitrary messages via a modi...
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
4
CVSSv2
CVE-2014-7831
lib/classes/grades_external.php in Moodle 2.7.x prior to 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades...
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.2
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.8
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
4
CVSSv2
CVE-2014-7846
tag/tag_autocomplete.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions...
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.0
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.7.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.6
Moodle Moodle 2.5.4
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.6.4
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.6.3
3.5
CVSSv2
CVE-2014-7830
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by lev...
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.5.0
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
4
CVSSv2
CVE-2014-7832
mod/lti/launch.php in the LTI module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod...
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.2
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
4
CVSSv2
CVE-2014-7833
mod/data/edit.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the data...
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle
Moodle Moodle 2.6.3
Moodle Moodle 2.6.4
Moodle Moodle 2.6.5
Moodle Moodle 2.7.0
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.0
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.5.0
Moodle Moodle 2.6.1
Moodle Moodle 2.7.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »