Moodle

Moodle

624 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-32472

  • EPSS 0.3%
  • Veröffentlicht 11.03.2022 18:15:14
  • Zuletzt bearbeitet 21.11.2024 06:07:06

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.

9.8

CVE-2022-0332

  • EPSS 3.1%
  • Veröffentlicht 25.01.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:23

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

5.5

CVE-2022-0333

  • EPSS 0.25%
  • Veröffentlicht 25.01.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:23

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from...

4.3

CVE-2022-0334

  • EPSS 0.15%
  • Veröffentlicht 25.01.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:24

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gr...

8.8

CVE-2022-0335

  • EPSS 0.11%
  • Veröffentlicht 25.01.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:24

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

6.1

CVE-2021-43558

  • EPSS 0.33%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

8.8

CVE-2021-43559

  • EPSS 0.11%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

5.3

CVE-2021-43560

  • EPSS 0.16%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

9.8

CVE-2021-3943

  • EPSS 1.19%
  • Veröffentlicht 22.11.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:23:12

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.

9.1

CVE-2021-21809

Exploit
  • EPSS 72.13%
  • Veröffentlicht 23.06.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:01

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabiliti...