Moodle

Moodle

632 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.91%
  • Veröffentlicht 17.07.2012 10:20:53
  • Zuletzt bearbeitet 16.06.2026 23:38:16

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address.

  • EPSS 1.68%
  • Veröffentlicht 17.07.2012 10:20:53
  • Zuletzt bearbeitet 16.06.2026 23:38:16

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors i...

  • EPSS 1.09%
  • Veröffentlicht 17.07.2012 10:20:53
  • Zuletzt bearbeitet 16.06.2026 23:38:16

The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.

  • EPSS 1.11%
  • Veröffentlicht 17.07.2012 10:20:53
  • Zuletzt bearbeitet 16.06.2026 23:38:16

The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.

  • EPSS 1.23%
  • Veröffentlicht 17.07.2012 10:20:53
  • Zuletzt bearbeitet 16.06.2026 23:38:16

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.

  • EPSS 0.4%
  • Veröffentlicht 17.07.2012 10:20:53
  • Zuletzt bearbeitet 16.06.2026 23:38:17

The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated b...

  • EPSS 1.31%
  • Veröffentlicht 17.07.2012 10:20:53
  • Zuletzt bearbeitet 16.06.2026 23:38:17

lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.

  • EPSS 1.12%
  • Veröffentlicht 17.07.2012 10:20:52
  • Zuletzt bearbeitet 16.06.2026 23:38:16

mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.

  • EPSS 2.12%
  • Veröffentlicht 17.07.2012 10:20:52
  • Zuletzt bearbeitet 16.06.2026 23:38:16

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.

  • EPSS 1.4%
  • Veröffentlicht 17.07.2012 10:20:52
  • Zuletzt bearbeitet 16.06.2026 23:38:16

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic pro...