Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-3273

  • EPSS 0.28%
  • Published 22.02.2016 05:59:01
  • Last modified 12.04.2025 10:46:40

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by lev...

7.4

CVE-2015-3272

  • EPSS 0.35%
  • Published 22.02.2016 05:59:00
  • Last modified 12.04.2025 10:46:40

Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishin...

4

CVE-2015-3181

  • EPSS 0.33%
  • Published 01.06.2015 19:59:23
  • Last modified 12.04.2025 10:46:40

files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users...

3.5

CVE-2015-3179

  • EPSS 0.33%
  • Published 01.06.2015 19:59:22
  • Last modified 12.04.2025 10:46:40

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

4

CVE-2015-3180

  • EPSS 0.31%
  • Published 01.06.2015 19:59:22
  • Last modified 12.04.2025 10:46:40

lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspend...

3.5

CVE-2015-3178

  • EPSS 0.21%
  • Published 01.06.2015 19:59:21
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web sc...

3.5

CVE-2015-3177

  • EPSS 0.31%
  • Published 01.06.2015 19:59:20
  • Last modified 12.04.2025 10:46:40

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

4.3

CVE-2015-3176

  • EPSS 0.44%
  • Published 01.06.2015 19:59:19
  • Last modified 12.04.2025 10:46:40

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

5.8

CVE-2015-3175

  • EPSS 0.4%
  • Published 01.06.2015 19:59:18
  • Last modified 12.04.2025 10:46:40

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an erro...

3.5

CVE-2015-3174

  • EPSS 0.23%
  • Published 01.06.2015 19:59:17
  • Last modified 12.04.2025 10:46:40

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via craft...