Moodle

Moodle

601 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-7847

  • EPSS 0.73%
  • Veröffentlicht 24.11.2014 11:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitu...

4

CVE-2014-7846

  • EPSS 0.24%
  • Veröffentlicht 24.11.2014 11:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access ...

7.5

CVE-2014-7845

  • EPSS 0.71%
  • Veröffentlicht 24.11.2014 11:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-f...

6.8

CVE-2014-7838

  • EPSS 0.17%
  • Veröffentlicht 24.11.2014 11:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for request...

5.5

CVE-2014-7837

  • EPSS 0.61%
  • Veröffentlicht 24.11.2014 11:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.

6.8

CVE-2014-7836

  • EPSS 0.17%
  • Veröffentlicht 24.11.2014 11:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod...

2.1

CVE-2014-7835

  • EPSS 0.18%
  • Veröffentlicht 24.11.2014 11:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross...

4

CVE-2014-7834

  • EPSS 0.19%
  • Veröffentlicht 24.11.2014 11:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

4

CVE-2014-7833

  • EPSS 0.27%
  • Veröffentlicht 24.11.2014 11:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by access...

4

CVE-2014-7832

  • EPSS 0.24%
  • Veröffentlicht 24.11.2014 11:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to by...