Moodle

Moodle

632 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.59%
  • Veröffentlicht 19.02.2024 17:15:08
  • Zuletzt bearbeitet 23.01.2025 16:47:30

The URL parameters accepted by forum search were not limited to the allowed parameters.

  • EPSS 0.29%
  • Veröffentlicht 12.02.2024 11:15:08
  • Zuletzt bearbeitet 21.11.2024 08:50:35

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users with...

  • EPSS 0.24%
  • Veröffentlicht 09.11.2023 22:15:11
  • Zuletzt bearbeitet 21.11.2024 08:41:58

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.

  • EPSS 0.28%
  • Veröffentlicht 09.11.2023 20:15:11
  • Zuletzt bearbeitet 21.11.2024 08:41:59

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

  • EPSS 1.17%
  • Veröffentlicht 09.11.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:59

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

  • EPSS 0.51%
  • Veröffentlicht 09.11.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:59

The course upload preview contained an XSS risk for users uploading unsafe data.

  • EPSS 0.29%
  • Veröffentlicht 09.11.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:59

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

  • EPSS 0.56%
  • Veröffentlicht 09.11.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:59

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.

  • EPSS 1.37%
  • Veröffentlicht 09.11.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:59

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code ex...

  • EPSS 1.93%
  • Veröffentlicht 09.11.2023 20:15:09
  • Zuletzt bearbeitet 21.11.2024 08:41:58

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.