Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-0983

  • EPSS 0.31%
  • Published 25.03.2022 19:15:10
  • Last modified 21.11.2024 06:39:47

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

6.1

CVE-2021-32478

  • EPSS 2.83%
  • Published 11.03.2022 18:15:19
  • Last modified 21.11.2024 06:07:07

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

4.3

CVE-2021-32477

  • EPSS 0.28%
  • Published 11.03.2022 18:15:18
  • Last modified 21.11.2024 06:07:06

The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.

7.5

CVE-2021-32476

  • EPSS 0.65%
  • Published 11.03.2022 18:15:17
  • Last modified 21.11.2024 06:07:06

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

5.4

CVE-2021-32475

  • EPSS 0.73%
  • Published 11.03.2022 18:15:16
  • Last modified 21.11.2024 06:07:06

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

5.3

CVE-2021-32473

  • EPSS 0.45%
  • Published 11.03.2022 18:15:15
  • Last modified 21.11.2024 06:07:06

It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected

7.2

CVE-2021-32474

  • EPSS 0.77%
  • Published 11.03.2022 18:15:15
  • Last modified 21.11.2024 06:07:06

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, ...

4.3

CVE-2021-32472

  • EPSS 0.39%
  • Published 11.03.2022 18:15:14
  • Last modified 21.11.2024 06:07:06

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.

9.8

CVE-2022-0332

  • EPSS 2.57%
  • Published 25.01.2022 20:15:08
  • Last modified 21.11.2024 06:38:23

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

5.5

CVE-2022-0333

  • EPSS 0.25%
  • Published 25.01.2022 20:15:08
  • Last modified 21.11.2024 06:38:23

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from...