Insertion of Sensitive Information Into Sent Data
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the URLs used during anonymous assignment submissions. An attacker can access internal user identifiers by viewing exposed URLs, which may compromise...
CVE-2025-67857
CVE-2025-67857 affects Moodle: during anonymous assignment submissions, internal user IDs are exposed in URLs, enabling information disclosure. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (base score 4.3, MEDIUM). Connected sources note no vendor patch is available yet; several advisories lis...
Brute Force
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Brute Force via the authentication endpoints for the mobile client and authwebservice. An attacker can repeatedly attempt to guess user credentials by sending multiple authentication requests withou...
PT-2025-43447
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The authentication endpoints for Moodle's mobile and web services did not adequately limit repeated password attempts, leaving them open to brute-force attacks. The vulnerable endpoints are th...
Linux Distros Unpatched Vulnerability : CVE-2024-1439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with high...
Cross-site Request Forgery (CSRF)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the analysis request action in the Brickfield tool. An attacker can manipulate the state of the application by sending a crafted request that the server accep...
Cross-site Request Forgery (CSRF)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to insufficient CSRF protection in the user tours manager. An attacker can duplicate existing tours without needing authentication by exploiting this vulnerabilit...
Incorrect Authorization
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient capability checks in the messaging web service. An attacker can view other users' names and online statuses by exploiting this flaw. Remediation: Upgrade...
Information Exposure
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure via the assignment submissions search feature. An attacker can reveal student identities by exploiting the search functionality on anonymous submissions. Remediation: Upgrade...
Incorrect Authorization
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to improper enforcement of access controls in the feedback response handling process. An attacker can view or delete feedback responses by exploiting the lack of proper...
SQL Injection
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to SQL Injection through the module list filter within course search. Remediation: Upgrade moodle/moodle to version 4.1.16, 4.3.10, 4.4.6, 4.5.2 or higher. References: - Git Commit - Moodle Forum. Credit:...
Incorrect Authorization
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient capability checks, which allow attackers to disable badges they do not have permission to access. Remediation: Upgrade moodle/moodle to version 4.1.16,...
Improper Authorization
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authorization due to insufficient permission checks in the RSS feed management functionality. An attacker can manipulate or delete RSS feeds they should not have access to by exploiting the...
Moodle Security Vulnerability
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the fact that users who are authorized to remove audiences from...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient access control mechanisms implemented in the external API for quiz overrides. Remediation: Upgrade moodle/moodle to version 4.4.2 or higher. References: -...
Improper Input Validation
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Input Validation through the TeX notation filter. An attacker can read arbitrary files by exploiting insufficient sanitizing in the filter. Remediation: Upgrade moodle/moodle to version...
SQL Injection
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to SQL Injection through the XMLDB editor tool. An attacker with administrative privileges can manipulate database queries and potentially access or modify data without proper authorization by injectin...
Moodle Security Breach
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from insufficient parameter escaping, resulting in a stored cross-site scripting...
CVE-2023-23921
The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable...
SUSE CVE-2009-4298
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors...