72 matches found
SQL Injection
moodle/moodle is vulnerable to SQL Injection attacks. The library does not properly sanitize the keepaliveserver function in the auth.php file allowing a malicious user to inject and execute malicious XML-RPC requests via the MNet peer...
GHSA-RVMC-8GMG-GGQR Moodle Blind SQL injection possible via MNet authentication
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
Moodle Blind SQL injection possible via MNet authentication
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
CVE-2021-32474
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
CVE-2021-32474
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
CVE-2021-32474
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
UBUNTU-CVE-2021-32474
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
CVE-2021-32474
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
CVE-2021-32474
CVE-2021-32474 is an SQL injection vulnerability in Moodle when MNet is enabled, exploitable via an XML-RPC call from a connected peer. The issue requires site administrator access or access to the keypair. Affected Moodle versions include 3.10 up to 3.10.3, 3.9 up to 3.9.6, 3.8 up to 3.8.8, 3.5 ...
PT-2023-25157 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.9 to 3.9.21 Moodle versions 3.11 to 3.11.14 Moodle versions 4.0 to 4.0.8 Moodle versions 4.1 to 4.1.3 Moodle version 4.2 Description: A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw...
Code injection
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle when using MNet as Mahara did not properly implement one of the MNet SSO API functions...
CVE-2017-1000131
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle when using MNet as Mahara did not properly implement one of the MNet SSO API functions...
CVE-2017-1000131
Mahara is affected by CVE-2017-1000131: versions 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2 allow a user to remain logged in after logout when using MNet SSO with Moodle. The root cause is Mahara not properly implementing one of the MNet SSO API functions. Public details...
CVE-2017-1000131
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle when using MNet as Mahara did not properly implement one of the MNet SSO API functions...
MNET Solution XSS / SQL Injection / File Upload
Title : MNET Solution Multiple Vulnerabilities Author : DevilScreaM Date : 10/19/2013 Category : Web Applications Type : PHP Vendor : http://mnet.co.th Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber...
CVE-2011-4588
The ipinrange function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request...
CVE-2011-4584
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...
CVE-2011-4584
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...
CVE-2011-4588
The ipinrange function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request...
Design/Logic Flaw
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...