Moodle

601 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.6%
  • Published 27.01.2013 22:55:04
  • Last modified 11.04.2025 00:51:21

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly ha...

  • EPSS 0.19%
  • Published 27.01.2013 22:55:03
  • Last modified 11.04.2025 00:51:21

grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authent...

  • EPSS 0.2%
  • Published 27.01.2013 22:55:03
  • Last modified 11.04.2025 00:51:21

The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbit...

  • EPSS 0.2%
  • Published 27.01.2013 22:55:03
  • Last modified 11.04.2025 00:51:21

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastacc...

  • EPSS 0.25%
  • Published 27.01.2013 22:55:03
  • Last modified 11.04.2025 00:51:21

Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfiles...

  • EPSS 0.27%
  • Published 27.01.2013 22:55:03
  • Last modified 11.04.2025 00:51:21

lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.

  • EPSS 0.13%
  • Published 27.01.2013 22:55:03
  • Last modified 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary use...

  • EPSS 0.23%
  • Published 21.11.2012 12:55:03
  • Last modified 11.04.2025 00:51:21

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.

  • EPSS 0.58%
  • Published 21.11.2012 12:55:03
  • Last modified 11.04.2025 00:51:21

The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.

  • EPSS 0.3%
  • Published 21.11.2012 12:55:03
  • Last modified 11.04.2025 00:51:21

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.