Moodle

Moodle

601 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2012-3397

  • EPSS 0.2%
  • Veröffentlicht 23.07.2012 21:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote auth...

6.5

CVE-2012-2359

  • EPSS 0.39%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining t...

3.5

CVE-2012-2360

  • EPSS 0.16%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted int...

3.5

CVE-2012-2361

  • EPSS 0.16%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTM...

2.6

CVE-2012-2362

  • EPSS 0.29%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.ph...

6.5

CVE-2012-2363

  • EPSS 0.27%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.

3.5

CVE-2012-2364

  • EPSS 0.16%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compre...

3.5

CVE-2012-2365

  • EPSS 0.18%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.

5.5

CVE-2012-2366

  • EPSS 0.39%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

4

CVE-2012-2367

  • EPSS 0.24%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.