Lucene search
K

11 matches found

OSV
OSV
added 2025/06/13 6:12 a.m.3 views

BIT-MOODLE-2024-48900 Moodle: idor when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to...

4.3CVSS4.3AI score0.00341EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.13 views

Moodle 4.0.x < 4.0.12 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.25 / 3.11.x prior to 3.11.18 / 4.0.x prior to 4.0.12 / 4.1.x prior to 4.1.7 / 4.2.x prior to 4.2.4. It is, therefore, affected by multiple vulnerabilities: - XSS risk when manually running a task ...

7.4AI score
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.9 views

Moodle 3.11.x < 3.11.18 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.25 / 3.11.x prior to 3.11.18 / 4.0.x prior to 4.0.12 / 4.1.x prior to 4.1.7 / 4.2.x prior to 4.2.4. It is, therefore, affected by multiple vulnerabilities: - XSS risk when manually running a task ...

7.4AI score
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.10 views

Moodle 4.1.x < 4.1.7 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.25 / 3.11.x prior to 3.11.18 / 4.0.x prior to 4.0.12 / 4.1.x prior to 4.1.7 / 4.2.x prior to 4.2.4. It is, therefore, affected by multiple vulnerabilities: - XSS risk when manually running a task ...

7.4AI score
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.5 views

Moodle 4.4.x < 4.4.4 Multiple Insecure Direct Object Reference

According to its self-reported version, the Moodle install hosted on the remote host is 4.4.x prior to 4.4.4. It is, therefore, affected by multiple insecure direct object reference. - An IDOR when accessing list of badge recipients. - An IDOR when accessing list of course badges. Note that the...

4.3CVSS7.3AI score0.00341EPSS
Exploits0References6
Veracode
Veracode
added 2024/12/04 11:40 a.m.8 views

Unauthorized Data Access

moodle/moodle is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access control checks, allowing users with permission to view badge recipients to access unintended lists...

4.3CVSS6.5AI score0.00341EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/13 3:31 p.m.13 views

Moodle IDOR when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to...

4.3CVSS6.7AI score0.00341EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/11/13 3:15 p.m.13 views

CVE-2024-48900

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to...

4.3CVSS0.00341EPSS
Exploits0References1
CVE
CVE
added 2024/11/13 2:27 p.m.59 views

CVE-2024-48900

CVE-2024-48900 (Moodle) : A location-based IDOR vulnerability in Moodle allows users with permission to view badge recipients to access lists they should not see. Root cause: insufficient access-control checks when fetching badge recipient lists. Impact: potential information exposure of badge re...

4.3CVSS4.5AI score0.00341EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/13 2:27 p.m.7 views

CVE-2024-48900 Moodle: idor when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to...

6.7AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.3 views

Moodle 信息泄露漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the need for additional checks to ensure that onl...

4.3CVSS5.9AI score0.00341EPSS
Exploits0References2
Rows per page
Query Builder