CVE-2012-6106
- EPSS 1.27%
- Veröffentlicht 27.01.2013 22:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role an...
- EPSS 2.29%
- Veröffentlicht 27.01.2013 22:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly ha...
- EPSS 1.11%
- Veröffentlicht 27.01.2013 22:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authent...
- EPSS 1.12%
- Veröffentlicht 27.01.2013 22:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbit...
- EPSS 1.12%
- Veröffentlicht 27.01.2013 22:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastacc...
CVE-2012-6101
- EPSS 1.21%
- Veröffentlicht 27.01.2013 22:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfiles...
CVE-2012-6102
- EPSS 1.36%
- Veröffentlicht 27.01.2013 22:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
CVE-2012-6103
- EPSS 0.66%
- Veröffentlicht 27.01.2013 22:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary use...
- EPSS 1.12%
- Veröffentlicht 21.11.2012 12:55:03
- Zuletzt bearbeitet 16.06.2026 23:46:50
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.
CVE-2012-5479
- EPSS 1.27%
- Veröffentlicht 21.11.2012 12:55:03
- Zuletzt bearbeitet 16.06.2026 23:46:51
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.