CVE-2016-7038
- EPSS 0.97%
- Veröffentlicht 20.01.2017 08:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
CVE-2016-8642
- EPSS 1.2%
- Veröffentlicht 20.01.2017 08:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
CVE-2016-8643
- EPSS 0.68%
- Veröffentlicht 20.01.2017 08:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
CVE-2016-8644
- EPSS 1.18%
- Veröffentlicht 20.01.2017 08:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
CVE-2017-2576
- EPSS 1.02%
- Veröffentlicht 20.01.2017 08:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
CVE-2017-2578
- EPSS 0.86%
- Veröffentlicht 20.01.2017 08:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Moodle 3.x, there is XSS in the assignment submission page.
CVE-2016-9188
- EPSS 1.54%
- Veröffentlicht 04.11.2016 10:59:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.
CVE-2016-9187
- EPSS 3.97%
- Veröffentlicht 04.11.2016 10:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspe...
CVE-2016-9186
- EPSS 3.82%
- Veröffentlicht 04.11.2016 10:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via uns...
CVE-2016-7919
- EPSS 2.25%
- Veröffentlicht 28.10.2016 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevan...