CVE-2014-0126
- EPSS 0.13%
- Published 24.03.2014 14:20:39
- Last modified 12.04.2025 10:46:40
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for r...
CVE-2014-0127
- EPSS 0.17%
- Published 24.03.2014 14:20:39
- Last modified 12.04.2025 10:46:40
The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended ...
- EPSS 0.19%
- Published 24.03.2014 14:20:39
- Last modified 12.04.2025 10:46:40
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.
CVE-2014-2571
- EPSS 0.21%
- Published 24.03.2014 14:20:39
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web...
- EPSS 0.25%
- Published 24.03.2014 14:20:39
- Last modified 12.04.2025 10:46:40
mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.
CVE-2014-0009
- EPSS 0.36%
- Published 20.01.2014 15:14:32
- Last modified 11.04.2025 00:51:21
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS confi...
CVE-2014-0010
- EPSS 0.3%
- Published 20.01.2014 15:14:32
- Last modified 11.04.2025 00:51:21
Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of ...
- EPSS 0.42%
- Published 20.01.2014 15:14:25
- Last modified 11.04.2025 00:51:21
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
- EPSS 0.28%
- Published 26.11.2013 05:25:38
- Last modified 11.04.2025 00:51:21
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had...
CVE-2013-4523
- EPSS 0.21%
- Published 26.11.2013 05:25:38
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.