Moodle

601 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.21%
  • Published 24.03.2014 14:20:39
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web...

  • EPSS 0.18%
  • Published 24.03.2014 14:20:39
  • Last modified 12.04.2025 10:46:40

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.

  • EPSS 0.36%
  • Published 20.01.2014 15:14:32
  • Last modified 11.04.2025 00:51:21

course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS confi...

  • EPSS 0.3%
  • Published 20.01.2014 15:14:32
  • Last modified 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of ...

  • EPSS 0.42%
  • Published 20.01.2014 15:14:25
  • Last modified 11.04.2025 00:51:21

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

Exploit
  • EPSS 0.28%
  • Published 26.11.2013 05:25:38
  • Last modified 11.04.2025 00:51:21

lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had...

Exploit
  • EPSS 0.21%
  • Published 26.11.2013 05:25:38
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.

Exploit
  • EPSS 0.33%
  • Published 26.11.2013 05:25:38
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

Exploit
  • EPSS 0.21%
  • Published 26.11.2013 05:25:38
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HT...

Exploit
  • EPSS 64.52%
  • Published 01.11.2013 02:55:04
  • Last modified 11.04.2025 00:51:21

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.