Lucene search
K

20 matches found

OSV
OSV
added 2024/03/06 11:10 a.m.16 views

BIT-MOODLE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS6.6AI score0.01047EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.30 views

Moodle 3.9.x < 3.9.19 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability due to the lack of sanitization of some returnurl...

8.2CVSS6.1AI score0.00957EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.29 views

Moodle 3.9.x < 3.9.4 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.5.x prior to 3.5.16, 3.8.x prior to 3.8.7, 3.9.x prior to 3.9.4 or 3.10.x prior to 3.10.1. It is, therefore, affected by multiple vulnerabilities: - A client-side Denial of Service DoS attack due to the lack of character limit when sending...

7.2CVSS5.8AI score0.01572EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.32 views

Moodle 3.9.x < 3.9.8 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.8, 3.10.x prior to 3.10.5 or 3.11.x prior to 3.11.1. It is, therefore, affected by multiple vulnerabilities: - An SQL injection in the library fetching a user's enrolled courses. CVE-2021-36392 - An SQL injection in the...

9.8CVSS7.7AI score0.52299EPSS
Exploits8References24
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.45 views

Moodle 4.0.x < 4.0.5 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

9.1CVSS6.2AI score0.01352EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.185 views

Moodle 3.9.x < 3.9.5 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.5.x prior to 3.5.17, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.5 or 3.10.x prior to 3.10.2. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability attack due to the lack of sanitization of th...

6.9CVSS7.5AI score0.99019EPSS
Exploits13References13
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.23 views

Moodle 3.9.x < 3.9.10 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.10, 3.10.x prior to 3.10.7 or 3.11.x prior to 3.11.3. It is, therefore, affected by multiple vulnerabilities: - A session hijack vulnerability was identified in the Shibboleth authentication plugin, when enabled...

6.5CVSS5.1AI score0.00901EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.37 views

Moodle 3.9.x < 3.9.14 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.14, 3.10.x prior to 3.10.11, 3.11.x prior to 3.11.7 or 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability in ID numbers displayed when bulk...

9.8CVSS7.4AI score0.04881EPSS
Exploits1References10
NVD
NVD
added 2022/03/11 6:15 p.m.31 views

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.4CVSS0.00569EPSS
Exploits0References1
OSV
OSV
added 2022/03/11 6:15 p.m.26 views

CVE-2021-32473

It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.3CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2022/03/11 6:15 p.m.25 views

Cross site scripting

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

3.5CVSS5AI score0.00569EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/03/11 6:15 p.m.24 views

Open redirect

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

4.3CVSS5.8AI score0.01157EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/11 5:54 p.m.103 views

CVE-2021-32474

CVE-2021-32474 is an SQL injection vulnerability in Moodle when MNet is enabled, exploitable via an XML-RPC call from a connected peer. The issue requires site administrator access or access to the keypair. Affected Moodle versions include 3.10 up to 3.10.3, 3.9 up to 3.9.6, 3.8 up to 3.8.8, 3.5 ...

7.2CVSS6.7AI score0.0089EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/11 5:54 p.m.31 views

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.6AI score0.00569EPSS
Exploits0References1
Metasploit
Metasploit
added 2021/10/12 5:42 p.m.271 views

Moodle Teacher Enrollment Privilege Escalation to RCE

Moodle version 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versions allow for a teacher to exploit chain to RCE. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add...

8.8CVSS6.7AI score0.16425EPSS
Exploits8
0day.today
0day.today
added 2021/08/05 12:0 a.m.237 views

Moodle 3.9 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Moodle 3.9 - Remote Code Execution RCE Authenticated Exploit Author: lanz Vendor Homepage: https://moodle.org/ Version: Moodle 3.9 Tested on: FreeBSD !/usr/bin/python3 Moodle 3.9 - RCE Authenticated as teacher Based on PoC and Payload to assign full permissions to manager rol:...

0.2AI score0.16425EPSS
Exploits8
Exploit DB
Exploit DB
added 2021/08/05 12:0 a.m.1222 views

Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Moodle 3.9 - Remote Code Execution RCE Authenticated Date: 12-05-2021 Exploit Author: lanz Vendor Homepage: https://moodle.org/ Version: Moodle 3.9 Tested on: FreeBSD !/usr/bin/python3 Moodle 3.9 - RCE Authenticated as teacher Based on PoC and Payload to assign full permissions to...

8.8CVSS8.7AI score0.16425EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2021/05/10 12:0 a.m.5 views

PT-2021-3112 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 Description: The issue is related to information disclosure. Exploitation of this issue could allow a remote attacker to gain unauthorized access to...

9.8CVSS6AI score0.52299EPSS
Exploits19References102
GithubExploit
GithubExploit
added 2021/04/28 7:46 p.m.162 views

Exploit for Incorrect Authorization in Moodle

Python script to exploit CVE-2020-14321https://moodle.org/mod...

8.8CVSS9AI score0.16425EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2020/11/08 12:0 a.m.7 views

PT-2020-16163 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 to 3.5.14 Moodle versions 3.7 to 3.7.8 Moodle versions 3.8 to 3.8.5 Moodle versions 3.9 to 3.9.2 Description: The upload course tool in Moodle contains an issue where deleting a non-existent or disabled enrollment method...

9.8CVSS6.3AI score0.52299EPSS
Exploits19References145
Rows per page
Query Builder