moodle

629 tracked vulnerabilities.

CVE-2021-36396 HIGH
Moodle - Blind Server-Side Request Forgery via Redirect Handling Bypass
Mar 06, 2023
CVSS 7.5
EPSS 0.02
CVE-2021-36395 HIGH
Moodle < 3.9.8 and 3.11.0-beta-3.11.1 - Denial of Service via Recursive URL Parsing
Mar 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2021-36394 CRITICAL
Moodle - Remote Code Execution in Shibboleth Authentication Plugin
Mar 06, 2023
CVSS 9.8
EPSS 0.12
CVE-2021-36393 CRITICAL
Moodle <3.9.8 and 3.11.0-beta-3.11.1 - SQL Injection
Mar 06, 2023
CVSS 9.8
EPSS 0.24
CVE-2021-36392 CRITICAL
Moodle < 3.9.8 and 3.11.0-beta-3.11.1 - SQL Injection
Mar 06, 2023
CVSS 9.8
EPSS 0.01
CVE-2021-40695 MEDIUM
Moodle - Information Disclosure via Quiz Web Service
Sep 29, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-40694 MEDIUM
moodle < 3.9.10 - Unauthenticated Arbitrary File Read via LaTeX Preamble
Sep 29, 2022
CVSS 4.9
EPSS 0.00
CVE-2021-40693 MEDIUM
Moodle - Authentication Bypass via External Database Type Juggling
Sep 29, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-40692 MEDIUM
Moodle - Insufficient Capability Checks Leading to Information Disclosure
Sep 29, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-40691 MEDIUM
Moodle Shibboleth Authentication Plugin - Session Hijack
Sep 29, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-36568 MEDIUM
Moodle 3.9.7, 3.10.4, 3.11 - Stored Cross-Site Scripting in Database Activity Field Name and Description
Sep 13, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-32478 MEDIUM NUCLEI
Moodle < 3.8.9, 3.9-3.9.6, 3.10-3.10.3 - Open Redirect via LTI Authorization Endpoint
Mar 11, 2022
CVSS 6.1
EPSS 0.03
CVE-2021-32477 MEDIUM
moodle 3.10-3.10.3 - Missing Authorization for Mobile App Last Access Time
Mar 11, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-32476 HIGH
Moodle < 3.5.18, 3.8-3.8.8, 3.9-3.9.6, 3.10-3.10.3 - Denial of Service via Draft Files Area
Mar 11, 2022
CVSS 7.5
EPSS 0.01
CVE-2021-32475 MEDIUM
Moodle < 3.5.18 - Stored Cross-Site Scripting in Quiz Grading Report ID Numbers
Mar 11, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-32474 HIGH
moodle <3.5.18 and 3.10-3.10.3 - SQL Injection via XML-RPC MNet Call
Mar 11, 2022
CVSS 7.2
EPSS 0.01
CVE-2021-32473 MEDIUM
Moodle < 3.5.18 - Unauthorized Quiz Grade Exposure via Quiz Web Service
Mar 11, 2022
CVSS 5.3
EPSS 0.00
CVE-2021-32472 MEDIUM
Moodle 3.8.0-3.8.8, 3.9.0-3.9.6, 3.10.0-3.10.3 - Unauthorized Forum Data Export via CSV Export Feature
Mar 11, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-43560 MEDIUM
Moodle <3.11.3-3.9.10 - Info Disclosure
Nov 22, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-43559 HIGH
Moodle < 3.8.8, 3.9-3.9.10, 3.10-3.10.7, 3.11-3.11.3 - Cross-Site Request Forgery via Badge Deletion
Nov 22, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-43558 MEDIUM
Moodle < 3.8.8, 3.9.0-3.9.10, 3.10.0-3.10.7, 3.11.0-3.11.3 - Reflected XSS via Filetype Admin Tool
Nov 22, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-3943 CRITICAL
Moodle 3.9.0-3.9.9, 3.11.0-3.11.3 - Remote Code Execution via Backup File Restoration
Nov 22, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-21809 CRITICAL
Moodle Authenticated Spelling Binary RCE
Jun 23, 2021
CVSS 9.1
EPSS 0.73
CVE-2021-32244 MEDIUM
Moodle 3.10.3 - Stored Cross-Site Scripting via Description Field
Jun 16, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-20283 MEDIUM
moodle 3.5.0-3.5.16 and 3.10.0-3.10.1 - Missing Authorization in Course Enrollment Web Service
Mar 15, 2021
CVSS 4.3
EPSS 0.00
Products
moodle 624 Jmol Plugin 2 Moodle LMS 1 saml_authentication 1 virtual_programming_lab 1
Quick Filters
Critical CVEs With Exploits In CISA KEV