Moodle

Moodle

601 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-3273

  • EPSS 0.28%
  • Veröffentlicht 22.02.2016 05:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by lev...

7.4

CVE-2015-3272

  • EPSS 0.35%
  • Veröffentlicht 22.02.2016 05:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishin...

4

CVE-2015-3181

  • EPSS 0.33%
  • Veröffentlicht 01.06.2015 19:59:23
  • Zuletzt bearbeitet 12.04.2025 10:46:40

files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users...

3.5

CVE-2015-3179

  • EPSS 0.33%
  • Veröffentlicht 01.06.2015 19:59:22
  • Zuletzt bearbeitet 12.04.2025 10:46:40

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

4

CVE-2015-3180

  • EPSS 0.31%
  • Veröffentlicht 01.06.2015 19:59:22
  • Zuletzt bearbeitet 12.04.2025 10:46:40

lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspend...

3.5

CVE-2015-3178

  • EPSS 0.21%
  • Veröffentlicht 01.06.2015 19:59:21
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web sc...

3.5

CVE-2015-3177

  • EPSS 0.31%
  • Veröffentlicht 01.06.2015 19:59:20
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

4.3

CVE-2015-3176

  • EPSS 0.44%
  • Veröffentlicht 01.06.2015 19:59:19
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

5.8

CVE-2015-3175

  • EPSS 0.4%
  • Veröffentlicht 01.06.2015 19:59:18
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an erro...

3.5

CVE-2015-3174

  • EPSS 0.23%
  • Veröffentlicht 01.06.2015 19:59:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via craft...