Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2006-4941

  • EPSS 0.29%
  • Published 23.09.2006 00:07:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.

4.6

CVE-2006-4942

  • EPSS 0.52%
  • Published 23.09.2006 00:07:00
  • Last modified 03.04.2025 01:03:51

Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix...

5

CVE-2006-4943

  • EPSS 0.33%
  • Published 23.09.2006 00:07:00
  • Last modified 03.04.2025 01:03:51

course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.

4.3

CVE-2006-4784

  • EPSS 0.41%
  • Published 14.09.2006 10:07:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.

7.5

CVE-2006-4785

  • EPSS 1.93%
  • Published 14.09.2006 10:07:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record funct...

5

CVE-2006-4786

  • EPSS 0.47%
  • Published 14.09.2006 10:07:00
  • Last modified 03.04.2025 01:03:51

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.

7.5

CVE-2006-0146

Exploit
  • EPSS 7.66%
  • Published 09.01.2006 23:03:00
  • Last modified 03.04.2025 01:03:51

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty,...

7.5

CVE-2006-0147

Exploit
  • EPSS 21.17%
  • Published 09.01.2006 23:03:00
  • Last modified 03.04.2025 01:03:51

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (...

7.5

CVE-2005-3648

Exploit
  • EPSS 1.45%
  • Published 17.11.2005 11:02:00
  • Last modified 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

2.6

CVE-2005-3649

Exploit
  • EPSS 8.39%
  • Published 17.11.2005 11:02:00
  • Last modified 03.04.2025 01:03:51

jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.