| CVE-2016-3734 |
high |
8.8 |
8.8 |
|
|
moodle |
9y ago |
Moodle Cross-site request forgery (CSRF) vulnerability |
| CVE-2017-2641 |
critical |
9.8 |
10.0 |
EXP |
|
moodle |
9y ago |
Moodle SQL injection via user preferences |
| CVE-2016-7038 |
high |
7.3 |
7.3 |
|
|
moodle |
10y ago |
Moodle Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2016-9187 |
high |
8.8 |
8.8 |
|
|
moodle |
10y ago |
Moodle Unrestricted file upload vulnerability |
| CVE-2016-9186 |
high |
8.8 |
8.8 |
|
|
moodle |
10y ago |
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an … |
| CVE-2016-7919 |
high |
7.5 |
7.5 |
|
|
moodle |
10y ago |
Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation proces… |
| CVE-2016-2157 |
high |
8.8 |
8.8 |
|
|
moodle |
10y ago |
Moodle cross-site request forgery (CSRF) vulnerability |
| CVE-2015-5338 |
high |
8.8 |
8.8 |
|
|
moodle |
10y ago |
Moodle multiple cross-site request forgery (CSRF) vulnerabilities |
| CVE-2015-5267 |
high |
7.5 |
7.5 |
|
|
moodle |
10y ago |
Moodle uses predictable password-recovery tokens |
| CVE-2015-3272 |
high |
7.4 |
7.4 |
|
|
moodle |
10y ago |
Moodle open redirect vulnerability |
| CVE-2014-7845 |
high |
— |
7.5 |
|
|
moodle |
12y ago |
Moodle Temporary Passwords are Brute Force-able |
| CVE-2014-3541 |
high |
— |
7.5 |
|
|
moodle |
12y ago |
Moodle vulnerable to PHP object injection attacks |
| CVE-2013-5674 |
high |
— |
7.5 |
|
|
moodle |
13y ago |
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object i… |
| CVE-2013-4313 |
high |
— |
7.5 |
|
|
moodle |
13y ago |
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injec… |
| CVE-2012-0801 |
high |
— |
7.5 |
|
|
moodle |
14y ago |
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. |
| CVE-2010-1615 |
high |
— |
7.5 |
|
|
moodle |
16y ago |
Moodle vulnerable to SQL injection |
