Package impact

Packagist / moodle/moodle

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2017-2641	critical	9.8	10.0				9y ago	Moodle SQL injection via user preferences
CVE-2016-3734	high	8.8	8.8				9y ago	Moodle Cross-site request forgery (CSRF) vulnerability
CVE-2016-9187	high	8.8	8.8				10y ago	Moodle Unrestricted file upload vulnerability
CVE-2016-2157	high	8.8	8.8				10y ago	Moodle cross-site request forgery (CSRF) vulnerability
CVE-2015-5338	high	8.8	8.8				10y ago	Moodle multiple cross-site request forgery (CSRF) vulnerabilities
CVE-2015-5267	high	7.5	7.5				10y ago	Moodle uses predictable password-recovery tokens
CVE-2014-7845	high	—	7.5				12y ago	Moodle Temporary Passwords are Brute Force-able
CVE-2014-3541	high	—	7.5				12y ago	Moodle vulnerable to PHP object injection attacks
CVE-2010-1615	high	—	7.5				16y ago	Moodle vulnerable to SQL injection
CVE-2015-3272	high	7.4	7.4				10y ago	Moodle open redirect vulnerability
CVE-2016-7038	high	7.3	7.3				10y ago	Moodle Weak Password Recovery Mechanism for Forgotten Password
CVE-2015-5266	medium	6.8	6.8				10y ago	Moodle allows attackers to obtain manager privileges
CVE-2015-2268	medium	—	6.8				11y ago	Moodle allows attackers to cause a denial of service
CVE-2015-1493	medium	—	6.8				11y ago	Moodle directory traversal vulnerability
CVE-2015-0218	medium	—	6.8				11y ago	Moodle cross-site request forgery (CSRF) vulnerability
CVE-2015-0217	medium	—	6.8				11y ago	Moodle allows attackers to cause a denial of service
CVE-2015-0213	medium	—	6.8				11y ago	Moodle multiple cross-site request forgery (CSRF) vulnerabilities
CVE-2014-7838	medium	—	6.8				12y ago	Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module
CVE-2014-7836	medium	—	6.8				12y ago	Moodle multiple cross-site request forgery (CSRF) vulnerabilities
CVE-2014-0214	medium	—	6.8				12y ago	Moodle creates a MoodleMobile web-service token with an infinite lifetime
CVE-2014-0213	medium	—	6.8				12y ago	Moodle multiple cross-site request forgery (CSRF) vulnerabilities
CVE-2014-0126	medium	—	6.8				12y ago	Moodle cross-site request forgery (CSRF) vulnerability
CVE-2011-4287	medium	—	6.8				14y ago	Moodle does not force password changes for autosubscribed users
CVE-2011-4281	medium	—	6.8				14y ago	Moodle vulnerable to Cross-Site Request Forgery
CVE-2011-4133	medium	—	6.8				14y ago	Moodle vulnerable to Cross-Site Request Forgery
CVE-2011-4298	medium	—	6.8				14y ago	Moodle vulnerable to Cross-Site Request Forgery
CVE-2010-1613	medium	—	6.8				16y ago	Moodle Session Fixation vulnerability
CVE-2017-7532	medium	6.5	6.5				9y ago	Moodle Improper Privilege Management
CVE-2017-2642	medium	6.5	6.5				9y ago	Moodle User fullname disclosure on user preferences page
CVE-2016-3729	medium	6.5	6.5				9y ago	Moodle Improper Access Control
CVE-2013-1836	medium	—	6.5				13y ago	Moodle does not properly manage privileges for WebDAV repositories
CVE-2012-5471	medium	—	6.5				14y ago	Moodle Allows Unauthenticated Dropbox Access
CVE-2011-4297	medium	—	6.4				14y ago	Moodle does not properly restrict comment capabilities
CVE-2011-4293	medium	—	6.4				14y ago	Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
CVE-2017-7489	medium	6.3	6.3				9y ago	Moodle External blog editing takeover
CVE-2017-12156	medium	6.1	6.1				9y ago	Moodle XSS Vulnerability
CVE-2017-2645	medium	6.1	6.1				9y ago	Moodle XSS in attachments to evidence of prior learning
CVE-2017-2644	medium	6.1	6.1				9y ago	Moodle XSS Vulnerability
CVE-2017-2578	medium	6.1	6.1				10y ago	Moodle Cross-site Scripting in assignment submission page
CVE-2016-9188	medium	6.1	6.1				10y ago	Moodle XSS Vulnerability
CVE-2016-2153	medium	6.1	6.1				10y ago	Moodle Reflected XSS in mod_data advanced search
CVE-2016-2152	medium	6.1	6.1				10y ago	Moodle XSS from profile fields from external db
CVE-2016-0725	medium	6.1	6.1				10y ago	Moodle Cross-site scripting (XSS) vulnerability in course management search
CVE-2015-5337	medium	6.1	6.1				10y ago	Moodle XSS Vulnerability
CVE-2015-3275	medium	6.1	6.1				10y ago	Moodle multiple cross-site scripting (XSS) vulnerabilities
CVE-2015-3274	medium	6.1	6.1				10y ago	Moodle cross-site scripting (XSS) vulnerability
CVE-2014-3545	medium	—	6.0				12y ago	Moodle remote code execution via quiz questions
CVE-2015-3175	medium	—	5.8				11y ago	Moodle Arbitrary Redirect
CVE-2014-0125	medium	—	5.8				12y ago	Moodle places a session key in a URL
CVE-2011-4294	medium	—	5.8				14y ago	Moodle Open Redirect Via Error Messages
CVE-2013-3630	medium	—	5.6				13y ago	Moodle Authenticated Spelling Binary Remote Code Execution
CVE-2014-7837	medium	—	5.5				12y ago	Moodle allows attackers to remove wiki pages
CVE-2012-0797	medium	—	5.5				14y ago	Moodle Users Can Bypass Deleted Status
CVE-2011-4285	medium	—	5.5				14y ago	Moodle Incorrect Default Settings
CVE-2017-7298	medium	5.4	5.4				9y ago	Moodle Cross-site Scripting in the Course summary filter of the Add a new course
CVE-2016-5014	medium	5.4	5.4				10y ago	Moodle sensitive information disclosure
CVE-2016-5013	medium	5.4	5.4				10y ago	Moodle Does Not Escape Characters In Email Headers
CVE-2015-5336	medium	5.4	5.4				10y ago	Moodle multiple cross-site scripting (XSS) vulnerabilities
CVE-2015-5269	medium	5.4	5.4				10y ago	Moodle cross-site scripting (XSS) vulnerability
CVE-2015-5264	medium	5.4	5.4				10y ago	Moodle allows attackers to enter additional answer attempts
CVE-2017-7490	medium	5.3	5.3				9y ago	Moodle Unauthorized searching of arbitrary blogs by typing full url
CVE-2017-2643	medium	5.3	5.3				9y ago	Moodle Global search displays user names for unauthenticated users
CVE-2017-2576	medium	5.3	5.3				10y ago	Moodle Incorrect sanitation of attributes in forums
CVE-2016-8642	medium	5.3	5.3				10y ago	Moodle Unauthenticated Access
CVE-2016-5012	medium	5.3	5.3				10y ago	Moodle Glossary search displays entries without checking user permissions to view them
CVE-2016-2190	medium	5.3	5.3				10y ago	Moodle sensitive information disclosure
CVE-2011-4280	medium	—	5.3				14y ago	Moodle vulnerable to XSS via bundled spikephpcoverage library
CVE-2014-9060	medium	—	5.0				12y ago	Moodle allows attackers to trigger the generation of arbitrary messages
CVE-2014-7848	medium	—	5.0				12y ago	Moodle allows attacks to obtain sensitive information
CVE-2014-7847	medium	—	5.0				12y ago	Moodle allows attackers to cause a denial of service
CVE-2014-3546	medium	—	5.0				12y ago	Moodle allows attackers to obtain username and course information
CVE-2014-0216	medium	—	5.0				12y ago	Moodle does not properly restrict file access
CVE-2013-4522	medium	—	5.0				13y ago	Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2083	medium	—	5.0				13y ago	Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class
CVE-2013-2082	medium	—	5.0				13y ago	Moodle does not enforce capability requirements for reading blog comments
CVE-2013-1831	medium	—	5.0				13y ago	Moodle reveals absolute path in exception message
CVE-2013-1830	medium	—	5.0				13y ago	Moodle does not enforce the forceloginforprofiles setting
CVE-2012-6112	medium	—	5.0				14y ago	classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x be…
CVE-2011-4284	medium	—	5.0				14y ago	Moodle allows remote attackers to obtain sensitive information from myprofile block by visiting user-context page
CVE-2011-4283	medium	—	5.0				14y ago	Moodle allows remote attackers to obtain sensitive information
CVE-2011-4279	medium	—	5.0				14y ago	Moodle does not use the forceloginforprofiles setting for course-profiles access control
CVE-2011-4301	medium	—	5.0				14y ago	Moodle Allows Modification of Constants
CVE-2011-4300	medium	—	5.0				14y ago	Moodle does not properly restrict access to category and course data
CVE-2011-4203	medium	—	5.0				15y ago	Moodle CRLF Injection Vulnerability in Calendar Component
CVE-2014-3553	medium	—	4.9				12y ago	Moodle does not enforce the moodle/site:accessallgroups capability requirement
CVE-2014-0127	medium	—	4.9				12y ago	Moodle's time-validation implementation allows bypassing intended restrictions
CVE-2014-0123	medium	—	4.9				12y ago	Moodle does not properly restrict access
CVE-2014-0122	medium	—	4.9				12y ago	Moodle allows bypass of intended access restrictions
CVE-2011-4582	medium	—	4.9				14y ago	Moodle Open Redirect in Calendar Set Page
CVE-2017-15110	medium	4.3	4.3				9y ago	Moodle Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-12157	medium	4.3	4.3				9y ago	Moodle sensitive information disclosure
CVE-2017-7531	medium	4.3	4.3				9y ago	Moodle Information Disclosure
CVE-2017-7491	medium	4.3	4.3				9y ago	Moodle Cross-Site Request Forgery (CSRF)
CVE-2016-3733	medium	4.3	4.3				9y ago	Moodle Improper Access Control
CVE-2016-3732	medium	4.3	4.3				9y ago	Moodle sensitive information disclosure
CVE-2016-2159	medium	4.3	4.3				10y ago	Moodle External function mod_assign_save_submission does not check due dates
CVE-2016-2158	medium	4.3	4.3				10y ago	Moodle allows attackers to obtain sensitive category-detail information
CVE-2016-2156	medium	4.3	4.3				10y ago	Moodle provides calendar-event data without considering whether an activity is hidden
CVE-2016-2155	medium	4.3	4.3				10y ago	Moodle allows attackers to modify "Exclude grade" settings
CVE-2016-2154	medium	4.3	4.3				10y ago	Moodle allows attackers to discover hidden course names