Moodle

Moodle

601 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2006-4941

  • EPSS 0.29%
  • Veröffentlicht 23.09.2006 00:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.

4.6

CVE-2006-4942

  • EPSS 0.52%
  • Veröffentlicht 23.09.2006 00:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix...

5

CVE-2006-4943

  • EPSS 0.33%
  • Veröffentlicht 23.09.2006 00:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.

4.3

CVE-2006-4784

  • EPSS 0.41%
  • Veröffentlicht 14.09.2006 10:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.

7.5

CVE-2006-4785

  • EPSS 1.93%
  • Veröffentlicht 14.09.2006 10:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record funct...

5

CVE-2006-4786

  • EPSS 0.47%
  • Veröffentlicht 14.09.2006 10:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.

7.5

CVE-2006-0146

Exploit
  • EPSS 7.66%
  • Veröffentlicht 09.01.2006 23:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty,...

7.5

CVE-2006-0147

Exploit
  • EPSS 21.17%
  • Veröffentlicht 09.01.2006 23:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (...

7.5

CVE-2005-3648

Exploit
  • EPSS 1.45%
  • Veröffentlicht 17.11.2005 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

2.6

CVE-2005-3649

Exploit
  • EPSS 8.39%
  • Veröffentlicht 17.11.2005 11:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.