
734 matches found

Redos
added 2026/04/20 12:0 a.m. | 2 views

ROS-20260420-73-0031

Vulnerability in Moodle related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 6.5 | AI score 5.8 | EPSS 0.00094
Exploits: 0

Redos
added 2026/02/24 12:0 a.m. | 3 views

ROS-20260224-73-0016

Vulnerability in Moodle related to lack of element neutralization in a CSV file. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 7.8 | AI score 6.1 | EPSS 0.00049
Exploits: 0

Redos
added 2026/02/24 12:0 a.m. | 4 views

ROS-20260224-73-0014

Vulnerability in Moodle related to information disclosure during data transfer. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

CVSS 5.3 | AI score 5.5 | EPSS 0.00017
Exploits: 0

Tenable Nessus
added 2026/02/04 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-67856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be...

CVSS 9.8 | AI score 5.4 | EPSS 0.0002
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/04 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-67848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI)...

CVSS 8.1 | AI score 5.3 | EPSS 0.00046
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/04 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-67849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject...

CVSS 7.3 | AI score 5.2 | EPSS 0.00007
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/04 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-67851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit...

CVSS 7.8 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/04 12:0 a.m. | 0 views

Linux Distros Unpatched Vulnerability : CVE-2025-67853

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attacker...

CVSS 7.5 | AI score 5.5 | EPSS 0.00032
Exploits: 0 | References: 2

OSV
added 2026/02/03 11:15 a.m. | 0 views

UBUNTU-CVE-2025-67853

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

CVSS 7.5 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 4

EUVD
added 2026/02/03 10:52 a.m. | 2 views

EUVD-2025-206748

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts...

CVSS 7.5 | AI score 5.5 | EPSS 0.00032
Exploits: 0 | References: 2

CNNVD
added 2026/02/03 12:0 a.m. | 2 views

Moodle Security Vulnerability

Moodle is an open-source e-learning software platform developed by Moodle Foundation. It is also known as a course management system, learning management system, or virtual learning environment. There are security vulnerabilities in Moodle; these vulnerabilities stem from incomplete role checks...

CVSS 9.8 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2

Packet Storm
added 2026/02/02 12:0 a.m. | 108 views

Moodle 4.x PHP Code Injection

This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. Title: Moodle 4.x PHP Code Injection Vulnerability | Author ...

CVSS 8.1 | AI score 5.5 | EPSS 0.88917
Exploits: 8

Tenable Nessus
added 2026/01/31 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-67847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient...

CVSS 8.8 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 2

OSV
added 2026/01/26 2:49 p.m. | 3 views

BIT-MOODLE-2025-3625 Moodle: User DoS and name disclosure via IDOR in Moodle MFA email factor revoke action

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)...

CVSS 7.1 | AI score 5.9 | EPSS 0.00099
Exploits: 0 | References: 3

Snyk
added 2026/01/23 5:49 a.m. | 2 views

Arbitrary Code Injection

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. An attacker can execute arbitrary code on the server by...

CVSS 8.8 | AI score 6.1 | EPSS 0.0003
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/21 5:27 p.m. | 2 views

CVE-2021-47857

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...

CVSS 7.2 | AI score 5.6 | EPSS 0.0005
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2026/01/21 5:27 p.m. | 1 views

EUVD-2026-3616

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...

CVSS 7.2 | AI score 5.6 | EPSS 0.0005
Exploits: 1 | References: 5

Vulnrichment
added 2026/01/21 5:27 p.m. | 3 views

CVE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...

CVSS 7.2 | AI score 5.6 | EPSS 0.0005
Exploits: 1 | References: 3

RedhatCVE
added 2026/01/09 10:27 a.m. | 3 views

CVE-2008-6124

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt...

CVSS 7.5 | AI score 8.6 | EPSS 0.0042
Exploits: 1 | References: 1

Tenable Nessus
added 2025/11/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-62396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not proper...

CVSS 5.3 | AI score 5.5 | EPSS 0.00043
Exploits: 0 | References: 2