Software
composer/moodle/moodlemoodle: CSRF risks due to misuse of confirm_sesskey
composer/moodle/moodlemoodle: CSRF risk in analytics management of models
redhat/moodleMoodle: authenticated remote code execution risk in imscp
redhat/moodleMoodle: authenticated remote code execution risk in lesson
Moodle MoodleMoodle: ssrf risk due to insufficient check on the curl blocked hosts
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Moodle MoodleMoodle: minor sql injection risk in external wiki method for listing pages
Moodle MoodleMoodle: csrf risk in resetting all templates of a database activity
Moodle MoodleMoodle: authenticated sql injection via availability check
Moodle MoodleIn Moodle, the file repository's URL parsing required additional recursion handling to mitigate the …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Moodle MoodleMoodle: possible to set the preferred "start page" of other users
Moodle MoodleIn Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Moodle MoodleIn Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it ca…
Moodle MoodleA denial-of-service risk was identified in the draft files area, due to it not respecting user file …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/moodle/moodleA vulnerability was found in Moodle where users with "Log in as" capability in a course context (typ…
Moodle MoodleA vulnerability was found in Moodle where the decompressed size of zip files was not checked against…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/moodleInsufficient capability checks could lead to users with the ability to course restore adding additio…
redhat/moodleUsers' enrolment capabilities were not being sufficiently checked when they restored into an existin…
Fedoraproject FedoraMoodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraMoodle before 2.2.2 has users' private files included in course backups
Moodle MoodleA flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restr…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Moodle MoodleA vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign thems…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Moodle MoodleA flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentica…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Moodle MoodleIn Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or f…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.