Moodle

Moodle

624 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2011-4299

  • EPSS 0.3%
  • Veröffentlicht 11.07.2012 10:26:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment.

5

CVE-2011-4300

  • EPSS 0.26%
  • Veröffentlicht 11.07.2012 10:26:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.

5

CVE-2011-4301

  • EPSS 0.27%
  • Veröffentlicht 11.07.2012 10:26:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form ...

6.8

CVE-2011-4302

  • EPSS 0.13%
  • Veröffentlicht 11.07.2012 10:26:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certi...

4.3

CVE-2011-4303

  • EPSS 0.18%
  • Veröffentlicht 11.07.2012 10:26:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.

5

CVE-2011-4203

Exploit
  • EPSS 0.48%
  • Veröffentlicht 22.12.2011 15:29:20
  • Zuletzt bearbeitet 11.04.2025 00:51:21

CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting att...

5

CVE-2011-3757

Exploit
  • EPSS 0.28%
  • Veröffentlicht 23.09.2011 23:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.

4.3

CVE-2010-2228

  • EPSS 0.61%
  • Veröffentlicht 28.06.2010 17:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

4.3

CVE-2010-2229

  • EPSS 0.61%
  • Veröffentlicht 28.06.2010 17:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4

CVE-2010-2230

  • EPSS 0.4%
  • Veröffentlicht 28.06.2010 17:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.