6 matches found
EUVD-2012-5972
Malware in sbrugna...
CVE-2012-6103
Multiple cross-site request forgery CSRF vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages...
Moodle has an IDOR in messaging web service which allows access to some user details
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...
CVE-2025-3645
CVE-2025-3645 : In Moodle, insufficient capability checks in a messaging web service allow a user to view other users’ names and online statuses. Documents confirm Moodle as affected; impact is user information disclosure (names and presence). Base score 4.3 (Medium) per CVSS 3.1 metrics. No expl...
UBUNTU-CVE-2015-0214
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request...
UBUNTU-CVE-2012-6103
Multiple cross-site request forgery CSRF vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages...