moodle

629 tracked vulnerabilities.

CVE-2024-25982 MEDIUM
moodle 4.1.0-4.1.8 and 4.3.0-4.3.2 - Cross-Site Request Forgery via Language Pack Update Link
Feb 19, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-25981 MEDIUM
moodle 4.1.0-4.1.8, 4.3.0-4.3.2 - Improper Access Control in Forum Export
Feb 19, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-25980 MEDIUM
moodle 4.1.0-4.1.8, 4.3.0-4.3.2 - Improper Access Control in H5P Attempts Report
Feb 19, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-25979 MEDIUM
Moodle Forum Search - URL Parameter Restriction Bypass
Feb 19, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-25978 HIGH
moodle 4.1.0-4.1.8 and 4.3.0-4.3.2 - Denial of Service via File Picker Unzip Functionality
Feb 19, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-1439 MEDIUM
Moodle < 4.2.11 - Improper Access Control
Feb 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-5543 LOW
moodle 4.0.0-4.0.10 - Improper Access Control via BigBlueButton Activity Duplication
Nov 09, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5551 LOW
moodle < 3.9.24 and 4.3.0-beta-4.3.0-rc2 - Exposure of Sensitive Information via Forum Summary Report
Nov 09, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5550 MEDIUM
moodle <3.9.24 and >=4.3.0-beta <4.3.0-rc2 - Remote Code Execution via Local File Include
Nov 09, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-5549 LOW
moodle < 3.9.24 and >= 4.3.0-rc2 - Improper Access Control in Category Management
Nov 09, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5548 LOW
Moodle - Cache Poisoning via File Serving Endpoints
Nov 09, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5547 LOW
moodle 3.9.0-3.9.23 and <4.3.0-rc2 - Cross-Site Scripting in Course Upload Preview
Nov 09, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5546 MEDIUM
Moodle 4.0.0-4.0.10 and <4.3.0-rc2 - Stored Cross-Site Scripting in Quiz Grading Report ID Numbers
Nov 09, 2023
CVSS 4.3
EPSS 0.02
CVE-2023-5545 LOW
moodle < 3.9.24 and >= 4.0.0 < 4.3.0-rc2 - Exposure of Sensitive Information via H5P Metadata Author Field
Nov 09, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5544 MEDIUM
moodle 3.9.0-3.9.23 and <4.3.0-rc2 - Stored Cross-Site Scripting and Insecure Direct Object Reference in Wiki Comments
Nov 09, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-5542 LOW
moodle < 4.3.0-rc2 - Improper Access Control in Group Membership Visibility
Nov 09, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5541 LOW
Moodle 3.9.0-3.9.23 and <4.3.0-rc2 - Stored Cross-Site Scripting via CSV Grade Import
Nov 09, 2023
CVSS 3.3
EPSS 0.00
CVE-2023-5540 MEDIUM
moodle < 3.9.24 and >= 4.0.0 < 4.3.0-rc2 - Authenticated Remote Code Execution in IMSCP Activity
Nov 09, 2023
CVSS 4.7
EPSS 0.02
CVE-2023-5539 MEDIUM
moodle < 3.9.24 and 4.0.0-4.2.0 - Authenticated Remote Code Execution in Lesson Activity
Nov 09, 2023
CVSS 4.7
EPSS 0.02
CVE-2023-46858 MEDIUM
Moodle 4.3 - Authenticated Reflected Cross-Site Scripting via Grade Report Search Parameter
Oct 29, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-35133 HIGH
Moodle < 3.9.22, 4.0-4.0.8, 4.1-4.1.3, 4.2 - Server-Side Request Forgery via cURL Blocked Hosts Check Bypass
Jun 22, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-35132 MEDIUM
Moodle < 3.9.22, 4.0-4.0.8, 4.1-4.1.3, 4.2 - SQL Injection in Mnet SSO Access Control
Jun 22, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-35131 MEDIUM
Moodle 3.11.0-3.11.14, 4.0-4.0.8, 4.1-4.1.3, 4.2 - Cross-Site Scripting in Groups Page
Jun 22, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-30944 MEDIUM
Moodle 3.9.0-3.9.20 and <4.2.0-rc2 - SQL Injection via External Wiki Page Listing
May 02, 2023
CVSS 5.6
EPSS 0.01
CVE-2023-30943 MEDIUM NUCLEI
Moodle 4.1.0-4.1.2 - Unauthenticated Arbitrary Folder Creation via TinyMCE Loader
May 02, 2023
CVSS 6.5
EPSS 0.27
Products
moodle 624 Jmol Plugin 2 Moodle LMS 1 saml_authentication 1 virtual_programming_lab 1
Quick Filters
Critical CVEs With Exploits In CISA KEV