Moodle@2.1.0 Security Vulnerabilities and Issues — Page 3 of Moodle@2.1.0 CVE List

Lucene search

MoodleMoodle2.1.0

109 matches found

CVE•added 2012/07/21 3:38 a.m.•33 views

CVE-2012-2367

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.

4CVSS6AI score0.00241EPSS

CVE•added 2012/07/23 9:55 p.m.•33 views

CVE-2012-3395

SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.

6.5CVSS7.8AI score0.00349EPSS

CVE•added 2012/07/23 9:55 p.m.•33 views

CVE-2012-3398

Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records.

4CVSS6AI score0.00621EPSS

CVE•added 2012/11/21 12:55 p.m.•33 views

CVE-2012-5471

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.

6.5CVSS6.1AI score0.00498EPSS

CVE•added 2013/11/26 5:25 a.m.•33 views

CVE-2013-4524

Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

6.8CVSS6.3AI score0.00332EPSS

Web

CVE•added 2013/11/26 5:25 a.m.•33 views

CVE-2013-4525

Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question.

3.5CVSS5.3AI score0.00209EPSS

CVE•added 2012/07/16 10:28 a.m.•32 views

CVE-2011-4297

comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.

6.4CVSS6.8AI score0.00519EPSS

CVE•added 2012/07/11 10:26 a.m.•31 views

CVE-2011-4307

Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter.

4.3CVSS5.9AI score0.00296EPSS

Web

CVE•added 2011/12/22 3:29 p.m.•30 views

CVE-2011-4203

CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.

5CVSS6.9AI score0.00245EPSS

Web

Total number of security vulnerabilities109