Moodle

Moodle

624 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2012-2365

  • EPSS 0.18%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.

5.5

CVE-2012-2366

  • EPSS 0.39%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.

4

CVE-2012-2367

  • EPSS 0.24%
  • Veröffentlicht 21.07.2012 03:38:56
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.

4

CVE-2012-2353

  • EPSS 0.18%
  • Veröffentlicht 21.07.2012 03:38:55
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.

4

CVE-2012-2354

  • EPSS 0.16%
  • Veröffentlicht 21.07.2012 03:38:55
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a...

4

CVE-2012-2355

  • EPSS 0.14%
  • Veröffentlicht 21.07.2012 03:38:55
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.

4

CVE-2012-2356

  • EPSS 0.14%
  • Veröffentlicht 21.07.2012 03:38:55
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.

5

CVE-2012-2357

  • EPSS 0.28%
  • Veröffentlicht 21.07.2012 03:38:55
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffi...

5.5

CVE-2012-2358

  • EPSS 0.17%
  • Veröffentlicht 21.07.2012 03:38:55
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already ...

5

CVE-2011-4588

  • EPSS 0.25%
  • Veröffentlicht 20.07.2012 10:40:36
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.