Moodle 4.0.x < 4.0.11 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.24 / 3.11.x prior to 3.11.17 / 4.0.x prior to 4.0.11 / 4.1.x prior to 4.1.6 / 4.2.x prior to 4.2.3. It is, therefore, affected by multiple vulnerabilities: - Forum summary report shows students fr...

Moodle 4.1.x < 4.1.6 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.24 / 3.11.x prior to 3.11.17 / 4.0.x prior to 4.0.11 / 4.1.x prior to 4.1.6 / 4.2.x prior to 4.2.3. It is, therefore, affected by multiple vulnerabilities: - Forum summary report shows students fr...

Moodle 4.2.x < 4.2.3 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.24 / 3.11.x prior to 3.11.17 / 4.0.x prior to 4.0.11 / 4.1.x prior to 4.1.6 / 4.2.x prior to 4.2.3. It is, therefore, affected by multiple vulnerabilities: - Forum summary report shows students fr...

CVE-2023-5549 Moodle: insufficient capability checks when updating the parent of a course category

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage...

CVE-2023-31804

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters...

CVE-2023-31804

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters...

Information Disclosure

Moodle is vulnerable to information disclosure. The library allows a guest user to enumerate through sensitive course category details even when force login is enabled...

MGASA-2016-0122 Updated moodle packages fix security vulnerability

In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list CVE-2016-2151. In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...

CVE-2012-5167

Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the 1 field parameter to coursecategory/indexinlineeditorsubmit.php or 2 user/indexinlineeditorsubmit.php; or 3 id parameter to user/userpassword.php...