EUVD-2024-3291

Malicious code in bioql PyPI...

BIT-MOODLE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

BIT-MOODLE-2024-43434 Moodle: csrf risk in feedback non-respondents report

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...

Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

CVE-2024-43438

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

UBUNTU-CVE-2024-43438

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

UBUNTU-CVE-2024-43434

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...

Cross-site Request Forgery (CSRF)

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the bulk message sending feature. An attacker can manipulate the user's browser to perform unintended actions on the web application by tricking the victim in...

CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

CVE-2024-43438

CVE-2024-43438 affects Moodle’s Feedback feature: in the activity’s non-respondents report, bulk messaging did not verify that recipients are limited to the users returned by the report, enabling potential messaging of unintended users. The CVSS 3.1 vector indicates Network attack vector, Low att...

CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

PT-2024-30582 · Feedback +1 · Feedback +1

Name of the Vulnerable Software and Affected Versions: Feedback affected versions not specified Description: A flaw was found in Feedback where bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that originates from bulk messaging of unauthenticated message recipients...