Moodle

Moodle

601 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2013-1833

  • EPSS 0.21%
  • Veröffentlicht 25.03.2013 21:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a c...

4

CVE-2013-1834

  • EPSS 0.31%
  • Veröffentlicht 25.03.2013 21:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field.

3.5

CVE-2013-1835

  • EPSS 0.31%
  • Veröffentlicht 25.03.2013 21:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.

6.5

CVE-2013-1836

  • EPSS 0.64%
  • Veröffentlicht 25.03.2013 21:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories...

5

CVE-2013-1830

  • EPSS 0.4%
  • Veröffentlicht 25.03.2013 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the ...

5

CVE-2013-1831

  • EPSS 0.36%
  • Veröffentlicht 25.03.2013 21:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.

4

CVE-2013-1829

  • EPSS 0.2%
  • Veröffentlicht 25.03.2013 21:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the st...

5

CVE-2012-6104

  • EPSS 0.28%
  • Veröffentlicht 27.01.2013 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed.

5

CVE-2012-6105

  • EPSS 0.28%
  • Veröffentlicht 27.01.2013 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading th...

5.5

CVE-2012-6106

  • EPSS 0.44%
  • Veröffentlicht 27.01.2013 22:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role an...