
10 matches found

Github Security Blog
added 2022/05/13 1:12 a.m., 19 views

Moodle cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file...

CVSS 6.8, AI score 7.7, EPSS 0.00126
Exploits: 0, References: 9, Affected Software: 1
OSV
added 2022/05/13 1:12 a.m., 18 views

GHSA-4WVG-7886-83GV Moodle cross-site request forgery (CSRF) vulnerability

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file...

CVSS 6.8, AI score 6.5, EPSS 0.00126
Exploits: 0, References: 9
Veracode
added 2017/07/04 9:10 a.m., 21 views

Cross-site Request Forgery (CSRF)

Moodle is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible because it does not have enough session checking in enrol/imsenterprise/importnow.php during import of IMS Enterprise identities. This can allow a malicious user to hijack administrator's authentication...

CVSS 6.8, AI score 6.2, EPSS 0.00126
Exploits: 0, References: 4, Affected Software: 1
Mageia
added 2014/04/03 5:23 p.m., 38 views

Updated moodle packages fix multiple security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.4.9, question strings were not being filtered correctly, possibly allowing cross site scripting, as quizquestiontostring can cause invalid HTML (CVE-2014-2571). Feedback Availability dates not honored in complete.php in Moodle...

CVSS 6.8, AI score 6.1, EPSS 0.00258
Exploits: 0, References: 11
UbuntuCve
added 2014/03/24 2:20 p.m., 20 views

CVE-2014-0126

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file...

CVSS 6.8, AI score 5.9, EPSS 0.00126
Exploits: 0, References: 4
CVE
added 2014/03/22 1:0 a.m., 56 views

CVE-2014-0126

CVE-2014-0126 is a Moodle CSRF vulnerability in enrol/imsenterprise/importnow.php that can hijack administrator authentication for IMS Enterprise import requests. Affected Moodle versions include up to 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2. The provided documents ...

CVSS 6.8, AI score 6.8, EPSS 0.00126
Exploits: 0, References: 3, Affected Software: 1
UbuntuCve
added 2012/07/16 10:28 a.m., 21 views

CVE-2011-4283

Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml...

CVSS 5, AI score 5.9, EPSS 0.00283
Exploits: 0, References: 1
CVE
added 2012/07/16 10:0 a.m., 48 views

CVE-2011-4283

The CVE refers to Moodle prior to 1.9.11 and 2.0.x prior to 2.0.2, where an IMS enterprise enrolment file is placed in the course-files area, allowing remote attackers to retrieve imsenterprise-enrol.xml and obtain sensitive information. Concretely, affected software: Moodle 1.9.x up to 1.9.11 an...

CVSS 5, AI score 6.1, EPSS 0.00283
Exploits: 0, References: 3, Affected Software: 1
securityvulns
added 2011/06/19 12:0 a.m., 47 views

[SECURITY] [DSA 2262-1] moodle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq -...

AI score 1.7
Exploits: 0
OSV
added 2011/06/16 12:0 a.m., 26 views

DSA-2262-1 moodle - several

Bulletin has no description...

CVSS 6.8, AI score 6.2, EPSS 0.00296
Exploits: 0