34 matches found
Arbitrary File Read
moodle/moodle is vulnerable to Arbitrary File Read. The vulnerability is in the processwiki function in lib.php, which lacks adequate sanitization of the $data parameter, allowing an attacker to gain access to files and read sensitive information via the wiki backup feature...
SQL Injection
moodle/moodle is vulnerable to SQL Injection. The vulnerability is due to improper SQL sanitization in lib.php, allowing an authenticated attacker to inject and execute malicious SQL queries when viewing a user's recent courses, leading to Information Disclosure...
Denial Of Service (DoS)
moodle/moodle is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause endless recursion due to insufficient checks in the parsefile function of lib.php, resulting in an application crash...
Remote Code Execution
moodle/moodle is vulnerable to remote code execution. The vulnerability exists in the convertconfigdata function of lib.php when restoring backup files, which allows an attacker to execute code remotely on the system...
GHSA-43R4-VM25-QM78 Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within 1...
60CycleCMS - news.php SQL Injection
Exploit Title: 60CycleCMS - 'news.php' Multiple vulnerability; Google Dork: N/A; Date: 2020-02-10; Exploit Author: Unkn0wn; Vendor Homepage: http://davidvg.com/; Software Link: https://www.opensourcecms.com/60cyclecms; Version: 2.5.2; Tested on: Ubuntu; CVE: N/A...
60CycleCMS - 'news.php' SQL Injection
Exploit Title: 60CycleCMS - 'news.php' Multiple vulnerability; Google Dork: N/A; Date: 2020-02-10; Exploit Author: Unkn0wn; Vendor Homepage: http://davidvg.com/; Software Link: https://www.opensourcecms.com/60cyclecms; Version: 2.5.2; Tested on: Ubuntu; CVE: N/A...
PivotX Remote Code Execution Vulnerability
PivotX is an open source blog content management system (Blog CMS). The system supports built-in comment review, spam protection and template replacement. A security vulnerability exists in the lib.php file in PivotX version 2.3.11, which stems from the program failing to properly block the upload ...
CVE-2017-14958
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file...
Cross-site Scripting (XSS)
Moodle is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary web script through the PARAMRAW parameter in repository/url/lib.php...
Code injection
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code...
CVE-2014-3927
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code...
CVE-2014-3617
The CVE-2014-3617 issue affects Moodle’s forum: the function forum_print_latest_discussions in mod/forum/lib.php allowed remote authenticated users to bypass the requirement to post an answer and to discover an author’s username by visiting a Q&A forum, without needing the mod/forum:viewqandawith...
Softerra PHP Developer Library 1.5.3 Grid3.lib.PHP Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20442/info Softerra PHP Developer Library is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise...
PHPLibrary <= 1.5.3 (grid3.lib.php) Remote File Include Vulnerability
No description provided by source...
CVE-2014-0125
Moodle vuln CVE-2014-0125: repository/alfresco/lib.php in Moodle up to 2.3.11, 2.4.x < 2.4.9, 2.5.x < 2.5.5, and 2.6.x
Code injection
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI...
CVE-2012-2362
Moodle 1.9.x is affected by CVE-2012-2362: an XSS in blog/lib.php is exploitable via a crafted parameter to blog/index.php when using Internet Explorer, affecting versions before 1.9.18. The issue allows remote injection of arbitrary script/HTML. Connected sources confirm the vulnerability detail...
VulnCheck KEV: CVE-2009-4834
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to nowconnect.php...