Lucene search
+L

72 matches found

Veracode
Veracode
added 2022/03/15 12:41 p.m.37 views

SQL Injection

moodle/moodle is vulnerable to SQL Injection attacks. The library does not properly sanitize the keepaliveserver function in the auth.php file allowing a malicious user to inject and execute malicious XML-RPC requests via the MNet peer...

7.2CVSS4.9AI score0.00912EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/03/12 12:0 a.m.33 views

GHSA-RVMC-8GMG-GGQR Moodle Blind SQL injection possible via MNet authentication

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS7.1AI score0.00912EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.27 views

Moodle Blind SQL injection possible via MNet authentication

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS7.5AI score0.00912EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/03/11 6:15 p.m.36 views

CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS0.00912EPSS
Exploits0References1
OSV
OSV
added 2022/03/11 6:15 p.m.26 views

CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS7.6AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/03/11 6:15 p.m.47 views

CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS7.2AI score0.00912EPSS
Exploits0References2
OSV
OSV
added 2022/03/11 6:15 p.m.4 views

UBUNTU-CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS7.1AI score0.00912EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/03/11 5:54 p.m.46 views

CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.6AI score0.00912EPSS
Exploits0References1
CVE
CVE
added 2022/03/11 5:54 p.m.104 views

CVE-2021-32474

CVE-2021-32474 is an SQL injection vulnerability in Moodle when MNet is enabled, exploitable via an XML-RPC call from a connected peer. The issue requires site administrator access or access to the keypair. Affected Moodle versions include 3.10 up to 3.10.3, 3.9 up to 3.9.6, 3.8 up to 3.8.8, 3.5 ...

7.2CVSS6.7AI score0.00912EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/08 12:0 a.m.5 views

PT-2023-25157 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.9 to 3.9.21 Moodle versions 3.11 to 3.11.14 Moodle versions 4.0 to 4.0.8 Moodle versions 4.1 to 4.1.3 Moodle version 4.2 Description: A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw...

9.8CVSS6.8AI score0.49102EPSS
Exploits11References90
Prion
Prion
added 2017/11/03 6:29 p.m.14 views

Code injection

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle when using MNet as Mahara did not properly implement one of the MNet SSO API functions...

4CVSS6.5AI score0.00619EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2017/11/03 6:29 p.m.18 views

CVE-2017-1000131

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle when using MNet as Mahara did not properly implement one of the MNet SSO API functions...

6.5CVSS6.6AI score0.00619EPSS
Exploits1References1
CVE
CVE
added 2017/11/03 6:0 p.m.56 views

CVE-2017-1000131

Mahara is affected by CVE-2017-1000131: versions 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2 allow a user to remain logged in after logout when using MNet SSO with Moodle. The root cause is Mahara not properly implementing one of the MNet SSO API functions. Public details...

6.5CVSS6.5AI score0.00619EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/11/03 6:0 p.m.24 views

CVE-2017-1000131

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle when using MNet as Mahara did not properly implement one of the MNet SSO API functions...

6.6AI score0.00619EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2013/10/19 12:0 a.m.44 views

MNET Solution XSS / SQL Injection / File Upload

Title : MNET Solution Multiple Vulnerabilities Author : DevilScreaM Date : 10/19/2013 Category : Web Applications Type : PHP Vendor : http://mnet.co.th Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber...

0.4AI score
Exploits0
NVD
NVD
added 2012/07/20 10:40 a.m.24 views

CVE-2011-4588

The ipinrange function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request...

5CVSS6.5AI score0.02149EPSS
Exploits0References4
NVD
NVD
added 2012/07/20 10:40 a.m.25 views

CVE-2011-4584

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...

4CVSS6.2AI score0.01727EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/07/20 10:40 a.m.18 views

CVE-2011-4584

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...

4CVSS5.9AI score0.01727EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2012/07/20 10:40 a.m.24 views

CVE-2011-4588

The ipinrange function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request...

5CVSS5.9AI score0.02149EPSS
Exploits0References1
Prion
Prion
added 2012/07/20 10:40 a.m.20 views

Design/Logic Flaw

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...

4CVSS6.8AI score0.01727EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder