13 matches found
Moodle Information Disclosure Vulnerability (CNVD-2025-09237)
Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the edit and delete pages of the moddata module...
The vulnerability of the mod_data module in the virtual training environment Moodle, which allows a intruder to gain unauthorized access to protected information
The vulnerability of the moddata module in the virtual training environment Moodle is related to the disclosure of information through query strings. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Cross-Site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to information leakage through URLs due to confidential CSRF protection data being exposed on edit and delete pages within the moddata module, allows an attacker to potentially perform Cross-Site Request...
Moodle 安全漏洞
Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the edit and delete pages of the moddata module...
GHSA-9RHQ-86FM-QXQC Duplicate Advisory: Hard-coded credentials in org.folio:mod-data-export-spring
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vf78-3q9f-92g3. This link is maintained to preserve external references. Original Description Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows...
CVE-2024-23687
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2024-23687
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2024-23687 FOLIO mod-data-export-spring Hard-Coded Credentials
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2024-23687 FOLIO mod-data-export-spring Hard-Coded Credentials
Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines...
CVE-2024-23687
CVE-2024-23687 affects the FOLIO module-data-export-spring. The issue arises from hard-coded credentials in the module, allowing unauthenticated access to critical APIs and enabling modification of user data, configurations (including single sign-on), and fees/fines. Affected versions are before ...
mod-data-export-spring Trust Management Issues Vulnerability
mod-data-export-spring is a FOLIO open source API for data export Spring modules. A security vulnerability exists in mod-data-export-spring versions prior to 1.5.4, 2.0.0 through 2.0.2, which stems from the use of hard-coded credentials...
Moodle mod_data advanced search cross-site scripting vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A cross-site scripting vulnerability exists in the moddata advanced search in Moodle...
CVE-2014-7833
CVE-2014-7833 affects Moodle releases up to 2.7.3, where mod/data/edit.php changes set a group ID to zero after a database-entry change. This behavior can allow remote authenticated users to disclose sensitive information by viewing the database after a teacher edits data. The root cause is descr...