nessus
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
WEB_APPLICATION_SCANNING_113598
History: Feb 20, 2023 - 12:00 a.m.

Moodle 3.11.x < 3.11.9 Multiple Vulnerabilities

www.tenable.com
moodle
version 3.11.x
vulnerabilities
mustache template library
csrf
h5p libraries
cve-2022-0323
cve-2022-2986

EPSS: 0.001 (Low), percentile 45.7%

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.16, 3.11.x prior to 3.11.9, or 4.0.x prior to 4.0.3. It is, therefore, affected by multiple vulnerabilities:

  • A vulnerable version of the Mustache template library included in Moodle. (CVE-2022-0323)

  • A Cross-Site Request Forgery (CSRF) vulnerability due to the lack of a token check when enabling and disabling installed H5P libraries. (CVE-2022-2986)

Note that the scanner has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

| Vendor | Product | Version | CPE |
|--------|---------|---------|-----|
| moodle | moodle | * | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
