SQL Injection

moodle/moodle is vulnerable to SQL Injection attacks. The vulnerability exists in getsubwikipages function of external.php due to lack of sanitization of user inputs which allows an attacker to inject and execute arbitrary sql queries...

Information Disclosure

moodle/moodle is vulnerable to information disclosure. The vulnerability exists through the attempts parameter inexternal.php due to improper access control which allows an authenticated attacker to gain access to confidential information in the file system via insufficient capability checks...

thecovernippon.jp Open Redirect vulnerability

Vulnerable URL: http://www.thecovernippon.jp/external.php?exurl=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 3517486 Google Pagerank| 0 VIP...

Moodle 'external.php' 'badge' Parameter XSS

The version of Moodle installed on the remote host fails to properly sanitize user-supplied input to the 'badge' parameter of the 'external.php' script. The application also fails to properly sanitize serialized objects. An attacker can exploit these issues by crafting a URL containing a serializ...