Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.9.1 vulnerabilities and exploits
(subscribe to this query)
632
VMScore
CVE-2015-5332
Atto in Moodle 2.8.x prior to 2.8.9 and 2.9.x prior to 2.9.3 allows remote malicious users to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle 2.8.8
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.8.2
Moodle Moodle 2.8.0
Moodle Moodle 2.9.0
605
VMScore
CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 up to and including 3.0.3, 2.9 up to and including 2.9.5, 2.8 up to and including 2.8.11, 2.7 up to and including 2.7.13 and previous versions allows remote malicious users to hijack the authentication...
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.11
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.9.4
Moodle Moodle 2.8.9
Moodle Moodle 2.7.9
Moodle Moodle 2.8.10
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle 3.0.2
Moodle Moodle 2.7.12
Moodle Moodle 3.0.0
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 3.0.1
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
605
VMScore
CVE-2016-2157
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.13, 2.8.x prior to 2.8.11, 2.9.x prior to 2.9.5, and 3.0.x prior to 3.0.3 allows remote malicious users to hijack the authentication of ad...
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.11
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.9.4
Moodle Moodle 2.8.9
Moodle Moodle 2.7.9
Moodle Moodle 2.8.10
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle 3.0.2
Moodle Moodle 2.7.12
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 3.0.1
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
605
VMScore
CVE-2015-5338
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allow remote malicious users to hijack the authentication of arbitrary users for requests to...
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.10
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.8.8
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.9.2
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
516
VMScore
CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
Moodle Moodle 2.9.6
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.9.4
Moodle Moodle 3.1.0
Moodle Moodle 2.8.9
Moodle Moodle 2.8.10
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle 3.0.4
Moodle Moodle 3.0.2
Moodle Moodle 2.8.12
Moodle Moodle 3.0.1
Moodle Moodle 2.8.8
Moodle Moodle 3.0.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.9.5
Moodle Moodle 2.8.11
Moodle Moodle
Moodle Moodle 2.8.5
Moodle Moodle 3.0.3
516
VMScore
CVE-2016-5014
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
Moodle Moodle 2.9.6
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.9.4
Moodle Moodle 3.1.0
Moodle Moodle 2.8.9
Moodle Moodle 2.8.10
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle 3.0.4
Moodle Moodle 3.0.2
Moodle Moodle 2.8.12
Moodle Moodle 3.0.1
Moodle Moodle 2.8.8
Moodle Moodle 3.0.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.9.5
Moodle Moodle 2.8.11
Moodle Moodle 2.8.5
Moodle Moodle 3.0.3
Moodle Moodle 2.9.2
516
VMScore
CVE-2015-3272
Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.9, 2.8.x prior to 2.8.7, and 2.9.x prior to 2.9.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing atta...
Moodle Moodle 2.7.1
Moodle Moodle 2.6.10
Moodle Moodle 2.8.3
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.6.7
Moodle Moodle 2.7.4
Moodle Moodle 2.6.1
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle 2.6.5
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.8
Moodle Moodle 2.8.1
Moodle Moodle 2.6.4
Moodle Moodle 2.6.9
Moodle Moodle 2.8.5
Moodle Moodle 2.6.3
Moodle Moodle 2.7.8
490
VMScore
CVE-2015-5264
The lesson module in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.10, 2.8.x prior to 2.8.8, and 2.9.x prior to 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
Moodle Moodle 2.7.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.7.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.8.5
Moodle Moodle 2.7.8
Moodle Moodle 2.8.2
Moodle Moodle 2.7.7
Moodle Moodle 2.8.0
Moodle Moodle 2.9.0
445
VMScore
CVE-2016-3731
Moodle 3.0 up to and including 3.0.3, 2.9 up to and including 2.9.5, and 2.8 up to and including 2.8.11 allows remote malicious users to obtain the names of hidden forums and forum discussions.
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.9.4
Moodle Moodle 2.8.9
Moodle Moodle 2.8.10
Moodle Moodle 2.8.4
Moodle Moodle 2.8.6
Moodle Moodle 3.0.2
Moodle Moodle 3.0.0
Moodle Moodle 3.0.1
Moodle Moodle 2.8.8
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.9.5
Moodle Moodle 2.8.11
Moodle Moodle 2.8.5
Moodle Moodle 3.0.3
Moodle Moodle 2.9.2
Moodle Moodle 2.9.3
Moodle Moodle 2.8.2
Moodle Moodle 2.8.0
Moodle Moodle 2.9.0
445
VMScore
CVE-2016-7038
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
Moodle Moodle 2.9.6
Moodle Moodle 2.8.3
Moodle Moodle 2.8.7
Moodle Moodle 2.9.4
Moodle Moodle 3.1.0
Moodle Moodle 2.8.9
Moodle Moodle 2.8.10
Moodle Moodle 2.8.4
Moodle Moodle 3.0.5
Moodle Moodle 2.8.6
Moodle Moodle 3.0.4
Moodle Moodle 3.0.2
Moodle Moodle 2.8.12
Moodle Moodle 2.9.7
Moodle Moodle 3.0.1
Moodle Moodle 2.8.8
Moodle Moodle 3.0.0
Moodle Moodle 2.9.1
Moodle Moodle 2.8.1
Moodle Moodle 2.9.5
Moodle Moodle 2.8.11
Moodle Moodle 2.8.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »