52 matches found
EUVD-2012-3363
Malware in sbrugna...
EUVD-2022-5519
Malicious code in bioql PyPI...
EUVD-2022-2053
Malicious code in bioql PyPI...
CVE-2013-1829
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role...
Moodle Improper Access Control vulnerability
Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...
GHSA-5P2X-8427-9FGP Moodle Improper Access Control vulnerability
Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...
CVE-2024-1439
Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...
PT-2024-2834 · Moodle · Moodle Lms
Name of the Vulnerable Software and Affected Versions: Moodle LMS affected versions not specified Description: The issue is related to inadequate access control in the Moodle Learning Management System. This could allow a user with a student role to create arbitrary events intended for users with...
SUSE CVE-2015-5336
Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...
CVE-2022-42925
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...
CVE-2022-42924
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...
CVE-2022-42923
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
CVE-2022-41680
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue parameter in the...
Sql injection
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
Sql injection
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...
Sql injection
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue parameter in the...
CVE-2022-42923 SQL injection in Forma LMS
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
Moodle does not properly restrict access
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict 1 view and 2 edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to...
GHSA-MM9Q-3847-M48X Moodle allows attackers to enter additional answer attempts
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...
GHSA-GRVW-QQ2J-R898 Moodle multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey...