Moodle

Moodle

610 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2013-4313

  • EPSS 0.37%
  • Veröffentlicht 16.09.2013 13:02:48
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a cra...

4.3

CVE-2013-4341

Exploit
  • EPSS 13.06%
  • Veröffentlicht 16.09.2013 13:02:48
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.

7.5

CVE-2013-5674

  • EPSS 0.57%
  • Veröffentlicht 16.09.2013 13:02:48
  • Zuletzt bearbeitet 11.04.2025 00:51:21

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demons...

4

CVE-2013-2242

  • EPSS 0.16%
  • Veröffentlicht 29.07.2013 13:59:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authe...

4

CVE-2013-2243

  • EPSS 0.18%
  • Veröffentlicht 29.07.2013 13:59:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document.

4.3

CVE-2013-2244

  • EPSS 0.26%
  • Veröffentlicht 29.07.2013 13:59:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field.

4

CVE-2013-2245

  • EPSS 0.16%
  • Veröffentlicht 29.07.2013 13:59:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitiv...

4

CVE-2013-2246

  • EPSS 0.18%
  • Veröffentlicht 29.07.2013 13:59:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated...

4.3

CVE-2013-4938

  • EPSS 0.25%
  • Veröffentlicht 29.07.2013 13:59:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows...

4.3

CVE-2013-4939

  • EPSS 0.31%
  • Veröffentlicht 29.07.2013 13:59:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, a...