15 matches found
BIT-MOODLE-2021-32476
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
Moodle 3.5.x < 3.5.18 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.5.x prior to 3.5.18, 3.8.x prior to 3.8.9, 3.9.x prior to 3.9.7 or 3.10.x prior to 3.10.4. It is, therefore, affected by multiple vulnerabilities: - An authorization issue allowing teachers to export a CSV file containing forums from all...
CVE-2021-32475
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
CVE-2021-32473
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
CVE-2021-32474
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...
Cross site scripting
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
CVE-2021-32474
CVE-2021-32474 is an SQL injection vulnerability in Moodle when MNet is enabled, exploitable via an XML-RPC call from a connected peer. The issue requires site administrator access or access to the keypair. Affected Moodle versions include 3.10 up to 3.10.3, 3.9 up to 3.9.6, 3.8 up to 3.8.8, 3.5 ...
CVE-2021-32475
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
PT-2020-16163 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 to 3.5.14 Moodle versions 3.7 to 3.7.8 Moodle versions 3.8 to 3.8.5 Moodle versions 3.9 to 3.9.2 Description: The upload course tool in Moodle contains an issue where deleting a non-existent or disabled enrollment method...
PT-2020-12303 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.8 before 3.8.3 Moodle versions 3.7 before 3.7.6 Moodle versions 3.6 before 3.6.10 Moodle versions 3.5 before 3.5.12 Moodle earlier unsupported versions Description: A flaw was found in Moodle that allows creating a SCORM...
CVE-2019-14884
A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages...
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF...
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF...
Server side request forgery (ssrf)
Moodle 3.5.x before 3.5.4 allows SSRF...
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF...