The version of Moodle installed on the remote host is 3.5.x prior to 3.5.18, 3.8.x prior to 3.8.9, 3.9.x prior to 3.9.7 or 3.10.x prior to 3.10.4. It is, therefore, affected by multiple vulnerabilities:
An authorization issue allowing teachers to export a CSV file containing forums from all courses. (CVE-2021-32472)
An information disclosure allowing students to see their quiz grade through the quiz web service before its release. (CVE-2021-32473)
An SQL injection on MNet-enabled sites via an XML-RPC call from the connected peer host for site administrators or users having access to the keypair. (CVE-2021-32474)
A stored Cross-Site Scripting vulnerability through the ID number displayed in the quiz grading report. (CVE-2021-32475)
A Denial of Service (DoS) due to user file upload limits not being enforced in the draft files area. (CVE-2021-32476)
An information disclosure exposing the last time a user accessed the mobile page on its profile page. (CVE-2021-32477)
A Cross-Site Scripting (XSS) and open redirect vulnerability through the redirect URI of the LTI authorization endpoint. (CVE-2021-32478)
A vulnerable H5P PHP version 1.24 embedded library.
Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32472
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32474
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32475
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32476
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32478
moodle.org/mod/forum/discuss.php?d=422305#p1701629
moodle.org/mod/forum/discuss.php?d=422307#p1701631
moodle.org/mod/forum/discuss.php?d=422308#p1701632
moodle.org/mod/forum/discuss.php?d=422309#p1701633
moodle.org/mod/forum/discuss.php?d=422310#p1701635
moodle.org/mod/forum/discuss.php?d=422313#p1701638
moodle.org/mod/forum/discuss.php?d=422314#p1701639
moodle.org/mod/forum/discuss.php?d=422315#p1701640