Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.58%
Published
2004-12-31
Updated
2020-12-01
Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.
Max CVSS
10.0
EPSS Score
0.32%
Published
2004-12-31
Updated
2008-09-05
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
Max CVSS
10.0
EPSS Score
0.21%
Published
2004-12-31
Updated
2020-12-01
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
Max CVSS
10.0
EPSS Score
0.18%
Published
2004-12-31
Updated
2020-12-01
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.21%
Published
2005-07-12
Updated
2020-12-01
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2006-09-23
Updated
2020-12-01
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2006-09-23
Updated
2020-12-01
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.
Max CVSS
10.0
EPSS Score
0.14%
Published
2019-03-25
Updated
2019-10-09
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-03-26
Updated
2017-08-16
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.
Max CVSS
9.8
EPSS Score
0.71%
Published
2021-11-22
Updated
2022-12-21
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
Max CVSS
9.8
EPSS Score
0.12%
Published
2023-03-06
Updated
2023-03-13
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
Max CVSS
9.8
EPSS Score
0.12%
Published
2023-03-06
Updated
2023-03-13
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
Max CVSS
9.8
EPSS Score
0.44%
Published
2023-03-06
Updated
2023-03-13
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
Max CVSS
9.8
EPSS Score
0.24%
Published
2022-01-25
Updated
2022-02-01
A flaw was found in Moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
Max CVSS
9.8
EPSS Score
0.32%
Published
2022-05-18
Updated
2022-12-21
A flaw was found in Moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Max CVSS
9.8
EPSS Score
0.29%
Published
2022-05-18
Updated
2022-12-21
A vulnerability was found in Moodle that occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Max CVSS
9.8
EPSS Score
2.88%
Published
2022-07-25
Updated
2022-12-21
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
Max CVSS
9.8
EPSS Score
0.50%
Published
2022-09-30
Updated
2022-12-21
A limited SQL injection risk was identified in the "browse list of users" site administration page.
Max CVSS
9.8
EPSS Score
0.15%
Published
2022-09-30
Updated
2022-12-21
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
Max CVSS
9.8
EPSS Score
0.32%
Published
2023-11-09
Updated
2023-11-17
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Max CVSS
9.8
EPSS Score
0.37%
Published
2023-03-23
Updated
2023-03-31
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.
Max CVSS
9.1
EPSS Score
0.17%
Published
2020-03-31
Updated
2020-04-02

CVE-2021-21809

Public exploit
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability.
Max CVSS
9.1
EPSS Score
2.41%
Published
2021-06-23
Updated
2022-08-24
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
Max CVSS
9.1
EPSS Score
0.20%
Published
2022-11-25
Updated
2023-02-01
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.
Max CVSS
8.8
EPSS Score
0.09%
Published
2016-02-22
Updated
2020-12-01
522 vulnerabilities found