6 matches found
Moodle 4.1.x < 4.1.3 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...
Moodle < 3.9.21 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...
Moodle 4.0.x < 4.0.8 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...
Moodle 3.11.x < 3.11.14 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...
Authorization Bypass
Moodle is vulnerable to authorization bypasses. The attacks exist because mod/wiki/admin.php does not validate deletion parameters properly, allowing the users with deletion capability to at least one Wiki activity in the course to delete other Wiki pages in the same course...
Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...