Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.5.2 vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2021-21809
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
Moodle Moodle 3.10.0
1 Github repository
668
VMScore
CVE-2014-7845
The generate_password function in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote malicious users to obtain access via a brute-force a...
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.6.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
668
VMScore
CVE-2014-3541
The Repositories component in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary code via serialized data associ...
Moodle Moodle 2.4.5
Moodle Moodle 2.4.7
Moodle Moodle 2.4.0
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.8
Moodle Moodle 2.4.9
Moodle Moodle 2.4.10
Moodle Moodle 2.4.4
Moodle Moodle 2.4.6
Moodle Moodle 2.5.0
Moodle Moodle 2.5.2
Moodle Moodle 2.5.4
Moodle Moodle 2.5.5
Moodle Moodle 2.5.6
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.7.0
Moodle Moodle 2.3.0
Moodle Moodle 2.3.10
Moodle Moodle 2.3.7
668
VMScore
CVE-2013-4313
Moodle up to and including 2.2.11, 2.3.x prior to 2.3.9, 2.4.x prior to 2.4.6, and 2.5.x prior to 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote malicious users to conduct SQL injection attacks against Microsoft SQL Server via a...
Moodle Moodle 2.3.3
Moodle Moodle 2.3.4
Moodle Moodle 2.3.5
Moodle Moodle 2.3.6
Moodle Moodle 2.2.9
Moodle Moodle 2.4.1
Moodle Moodle 2.4.2
Moodle Moodle 2.4.3
Moodle Moodle 2.4.4
Moodle Moodle 2.2.10
Moodle Moodle
Moodle Moodle 2.2.2
Moodle Moodle 2.2.3
Moodle Moodle 2.5.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.3.7
Moodle Moodle 2.2.0
Moodle Moodle 2.2.5
Moodle Moodle 2.2.7
Moodle Moodle 2.5.0
Moodle Moodle 2.4.0
668
VMScore
CVE-2013-5674
badges/external.php in Moodle 2.5.x prior to 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote malicious users to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting ...
Moodle Moodle 2.5.0
Moodle Moodle 2.5.1
1 Github repository
605
VMScore
CVE-2015-1493
Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.8, 2.7.x prior to 2.7.5, and 2.8.x prior to 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot)...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle
Moodle Moodle 2.6.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
605
VMScore
CVE-2015-0218
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote malicious users to hijack the authentication of arbitrary users for requests that ...
Moodle Moodle
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.6.0
Moodle Moodle 2.7.3
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.5.2
Moodle Moodle 2.5.1
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.6
Moodle Moodle 2.6.4
Moodle Moodle 2.7.1
Moodle Moodle 2.8.0
Moodle Moodle 2.5.7
Moodle Moodle 2.5.5
Moodle Moodle 2.5.0
Moodle Moodle 2.6.5
Moodle Moodle 2.6.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.0
605
VMScore
CVE-2015-2268
filter/urltolink/filter.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, and 2.8.x prior to 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an...
Moodle Moodle 2.5.0
Moodle Moodle 2.6.8
Moodle Moodle 2.6.7
Moodle Moodle 2.6.6
Moodle Moodle 2.8.1
Moodle Moodle 2.8.2
Moodle Moodle 2.8.3
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.6.0
Moodle Moodle 2.7.5
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.6.2
Moodle Moodle 2.7.1
605
VMScore
CVE-2015-0217
filter/mediaplugin/filter.php in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against ...
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.5.3
Moodle Moodle 2.7.0
Moodle Moodle 2.8.0
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.2
Moodle Moodle 2.6.1
Moodle Moodle 2.5.8
Moodle Moodle 2.5.1
Moodle Moodle 2.6.6
Moodle Moodle 2.7.3
Moodle Moodle 2.7.1
Moodle Moodle
Moodle Moodle 2.5.7
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.5
Moodle Moodle 2.6.0
Moodle Moodle 2.7.2
605
VMScore
CVE-2015-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle up to and including 2.5.9, 2.6.x prior to 2.6.7, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.2 allow remote malicious users to hijack...
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.5.4
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle 2.8.0
Moodle Moodle 2.6.5
Moodle Moodle 2.6.4
Moodle Moodle 2.6.3
Moodle Moodle 2.6.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.6
Moodle Moodle 2.6.1
Moodle Moodle 2.7.3
Moodle Moodle
Moodle Moodle 2.5.2
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.7.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »