Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2013-1833

  • EPSS 0.21%
  • Published 25.03.2013 21:55:04
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a c...

4

CVE-2013-1834

  • EPSS 0.31%
  • Published 25.03.2013 21:55:04
  • Last modified 11.04.2025 00:51:21

notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field.

3.5

CVE-2013-1835

  • EPSS 0.31%
  • Published 25.03.2013 21:55:04
  • Last modified 11.04.2025 00:51:21

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.

6.5

CVE-2013-1836

  • EPSS 0.64%
  • Published 25.03.2013 21:55:04
  • Last modified 11.04.2025 00:51:21

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories...

5

CVE-2013-1830

  • EPSS 0.4%
  • Published 25.03.2013 21:55:02
  • Last modified 11.04.2025 00:51:21

user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the ...

5

CVE-2013-1831

  • EPSS 0.36%
  • Published 25.03.2013 21:55:02
  • Last modified 11.04.2025 00:51:21

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.

4

CVE-2013-1829

  • EPSS 0.2%
  • Published 25.03.2013 21:55:01
  • Last modified 11.04.2025 00:51:21

calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the st...

5

CVE-2012-6104

  • EPSS 0.28%
  • Published 27.01.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed.

5

CVE-2012-6105

  • EPSS 0.28%
  • Published 27.01.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading th...

5.5

CVE-2012-6106

  • EPSS 0.44%
  • Published 27.01.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role an...