VIR Vulnerability Intelligence Relay

Package impact

php Packagist / moodle/moodle

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-2641 critical 9.8 9.8 9y ago Moodle SQL injection via user preferences php
CVE-2016-3734 high 8.8 8.8 9y ago Moodle Cross-site request forgery (CSRF) vulnerability php
CVE-2016-9187 high 8.8 8.8 10y ago Moodle Unrestricted file upload vulnerability php
CVE-2016-2157 high 8.8 8.8 10y ago Moodle cross-site request forgery (CSRF) vulnerability php
CVE-2015-5338 high 8.8 8.8 10y ago Moodle multiple cross-site request forgery (CSRF) vulnerabilities php
CVE-2015-5267 high 7.5 7.5 10y ago Moodle uses predictable password-recovery tokens php
CVE-2014-7845 high 7.5 12y ago Moodle Temporary Passwords are Brute Force-able php
CVE-2014-3541 high 7.5 12y ago Moodle vulnerable to PHP object injection attacks php
CVE-2010-1615 high 7.5 16y ago Moodle vulnerable to SQL injection php
CVE-2015-3272 high 7.4 7.4 10y ago Moodle open redirect vulnerability php
CVE-2016-7038 high 7.3 7.3 10y ago Moodle Weak Password Recovery Mechanism for Forgotten Password php
CVE-2015-5266 medium 6.8 6.8 10y ago Moodle allows attackers to obtain manager privileges php
CVE-2015-2268 medium 6.8 11y ago Moodle allows attackers to cause a denial of service php
CVE-2015-1493 medium 6.8 11y ago Moodle directory traversal vulnerability php
CVE-2015-0218 medium 6.8 11y ago Moodle cross-site request forgery (CSRF) vulnerability php
CVE-2015-0217 medium 6.8 11y ago Moodle allows attackers to cause a denial of service php
CVE-2015-0213 medium 6.8 11y ago Moodle multiple cross-site request forgery (CSRF) vulnerabilities php
CVE-2014-7838 medium 6.8 12y ago Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module php
CVE-2014-7836 medium 6.8 12y ago Moodle multiple cross-site request forgery (CSRF) vulnerabilities php
CVE-2014-0214 medium 6.8 12y ago Moodle creates a MoodleMobile web-service token with an infinite lifetime php
CVE-2014-0213 medium 6.8 12y ago Moodle multiple cross-site request forgery (CSRF) vulnerabilities php
CVE-2014-0126 medium 6.8 12y ago Moodle cross-site request forgery (CSRF) vulnerability php
CVE-2011-4287 medium 6.8 14y ago Moodle does not force password changes for autosubscribed users php
CVE-2011-4281 medium 6.8 14y ago Moodle vulnerable to Cross-Site Request Forgery php
CVE-2011-4133 medium 6.8 14y ago Moodle vulnerable to Cross-Site Request Forgery php
CVE-2011-4298 medium 6.8 14y ago Moodle vulnerable to Cross-Site Request Forgery php
CVE-2010-1613 medium 6.8 16y ago Moodle Session Fixation vulnerability php
CVE-2017-7532 medium 6.5 6.5 9y ago Moodle Improper Privilege Management php
CVE-2017-2642 medium 6.5 6.5 9y ago Moodle User fullname disclosure on user preferences page php
CVE-2016-3729 medium 6.5 6.5 9y ago Moodle Improper Access Control php
CVE-2013-1836 medium 6.5 13y ago Moodle does not properly manage privileges for WebDAV repositories php
CVE-2012-5471 medium 6.5 14y ago Moodle Allows Unauthenticated Dropbox Access php
CVE-2011-4297 medium 6.4 14y ago Moodle does not properly restrict comment capabilities php
CVE-2011-4293 medium 6.4 14y ago Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory php
CVE-2017-7489 medium 6.3 6.3 9y ago Moodle External blog editing takeover php
CVE-2017-12156 medium 6.1 6.1 9y ago Moodle XSS Vulnerability php
CVE-2017-2645 medium 6.1 6.1 9y ago Moodle XSS in attachments to evidence of prior learning php
CVE-2017-2644 medium 6.1 6.1 9y ago Moodle XSS Vulnerability php
CVE-2017-2578 medium 6.1 6.1 10y ago Moodle Cross-site Scripting in assignment submission page php
CVE-2016-9188 medium 6.1 6.1 10y ago Moodle XSS Vulnerability php
CVE-2016-2153 medium 6.1 6.1 10y ago Moodle Reflected XSS in mod_data advanced search php
CVE-2016-2152 medium 6.1 6.1 10y ago Moodle XSS from profile fields from external db php
CVE-2016-0725 medium 6.1 6.1 10y ago Moodle Cross-site scripting (XSS) vulnerability in course management search fedoraphp
CVE-2015-5337 medium 6.1 6.1 10y ago Moodle XSS Vulnerability php
CVE-2015-3275 medium 6.1 6.1 10y ago Moodle multiple cross-site scripting (XSS) vulnerabilities php
CVE-2015-3274 medium 6.1 6.1 10y ago Moodle cross-site scripting (XSS) vulnerability php
CVE-2014-3545 medium 6.0 12y ago Moodle remote code execution via quiz questions php
CVE-2015-3175 medium 5.8 11y ago Moodle Arbitrary Redirect php
CVE-2014-0125 medium 5.8 12y ago Moodle places a session key in a URL php
CVE-2011-4294 medium 5.8 14y ago Moodle Open Redirect Via Error Messages php
CVE-2014-7837 medium 5.5 12y ago Moodle allows attackers to remove wiki pages php
CVE-2012-0797 medium 5.5 14y ago Moodle Users Can Bypass Deleted Status php
CVE-2011-4285 medium 5.5 14y ago Moodle Incorrect Default Settings php
CVE-2017-7298 medium 5.4 5.4 9y ago Moodle Cross-site Scripting in the Course summary filter of the Add a new course php
CVE-2016-5014 medium 5.4 5.4 10y ago Moodle sensitive information disclosure php
CVE-2016-5013 medium 5.4 5.4 10y ago Moodle Does Not Escape Characters In Email Headers php
CVE-2015-5336 medium 5.4 5.4 10y ago Moodle multiple cross-site scripting (XSS) vulnerabilities php
CVE-2015-5269 medium 5.4 5.4 10y ago Moodle cross-site scripting (XSS) vulnerability php
CVE-2015-5264 medium 5.4 5.4 10y ago Moodle allows attackers to enter additional answer attempts php
CVE-2017-7490 medium 5.3 5.3 9y ago Moodle Unauthorized searching of arbitrary blogs by typing full url php
CVE-2017-2643 medium 5.3 5.3 9y ago Moodle Global search displays user names for unauthenticated users php
CVE-2017-2576 medium 5.3 5.3 10y ago Moodle Incorrect sanitation of attributes in forums php
CVE-2016-8642 medium 5.3 5.3 10y ago Moodle Unauthenticated Access php
CVE-2016-5012 medium 5.3 5.3 10y ago Moodle Glossary search displays entries without checking user permissions to view them php
CVE-2016-2190 medium 5.3 5.3 10y ago Moodle sensitive information disclosure php
CVE-2014-9060 medium 5.0 12y ago Moodle allows attackers to trigger the generation of arbitrary messages php
CVE-2014-7848 medium 5.0 12y ago Moodle allows attacks to obtain sensitive information php
CVE-2014-7847 medium 5.0 12y ago Moodle allows attackers to cause a denial of service php
CVE-2014-3546 medium 5.0 12y ago Moodle allows attackers to obtain username and course information php
CVE-2014-0216 medium 5.0 12y ago Moodle does not properly restrict file access php
CVE-2013-4522 medium 5.0 13y ago Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor php
CVE-2013-2083 medium 5.0 13y ago Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class php
CVE-2013-2082 medium 5.0 13y ago Moodle does not enforce capability requirements for reading blog comments php
CVE-2013-1831 medium 5.0 13y ago Moodle reveals absolute path in exception message php
CVE-2013-1830 medium 5.0 13y ago Moodle does not enforce the forceloginforprofiles setting fedoraphp
CVE-2012-6112 medium 5.0 14y ago classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x be… debianphp
CVE-2011-4284 medium 5.0 14y ago Moodle allows remote attackers to obtain sensitive information from myprofile block by visiting user-context page php
CVE-2011-4283 medium 5.0 14y ago Moodle allows remote attackers to obtain sensitive information php
CVE-2011-4279 medium 5.0 14y ago Moodle does not use the forceloginforprofiles setting for course-profiles access control php
CVE-2011-4301 medium 5.0 14y ago Moodle Allows Modification of Constants php
CVE-2011-4300 medium 5.0 14y ago Moodle does not properly restrict access to category and course data php
CVE-2011-4203 medium 5.0 15y ago Moodle CRLF Injection Vulnerability in Calendar Component php
CVE-2014-3553 medium 4.9 12y ago Moodle does not enforce the moodle/site:accessallgroups capability requirement php
CVE-2014-0127 medium 4.9 12y ago Moodle's time-validation implementation allows bypassing intended restrictions php
CVE-2014-0123 medium 4.9 12y ago Moodle does not properly restrict access php
CVE-2014-0122 medium 4.9 12y ago Moodle allows bypass of intended access restrictions php
CVE-2011-4582 medium 4.9 14y ago Moodle Open Redirect in Calendar Set Page php
CVE-2013-3630 medium 4.6 13y ago Moodle Authenticated Spelling Binary Remote Code Execution php
CVE-2017-15110 medium 4.3 4.3 9y ago Moodle Exposure of Sensitive Information to an Unauthorized Actor php
CVE-2017-12157 medium 4.3 4.3 9y ago Moodle sensitive information disclosure php
CVE-2017-7531 medium 4.3 4.3 9y ago Moodle Information Disclosure php
CVE-2017-7491 medium 4.3 4.3 9y ago Moodle Cross-Site Request Forgery (CSRF) php
CVE-2016-3733 medium 4.3 4.3 9y ago Moodle Improper Access Control php
CVE-2016-3732 medium 4.3 4.3 9y ago Moodle sensitive information disclosure php
CVE-2016-2159 medium 4.3 4.3 10y ago Moodle External function mod_assign_save_submission does not check due dates php
CVE-2016-2158 medium 4.3 4.3 10y ago Moodle allows attackers to obtain sensitive category-detail information php
CVE-2016-2156 medium 4.3 4.3 10y ago Moodle provides calendar-event data without considering whether an activity is hidden php
CVE-2016-2155 medium 4.3 4.3 10y ago Moodle allows attackers to modify "Exclude grade" settings php
CVE-2016-2154 medium 4.3 4.3 10y ago Moodle allows attackers to discover hidden course names php
CVE-2016-2151 medium 4.3 4.3 10y ago Moodle allows attackers to discover student e-mail addresses php