Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Moodle
(Moodle)| Repositories |
• https://github.com/moodle/moodle
• https://github.com/tinymce/tinymce_spellchecker_php |
| #Vulnerabilities | 521 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-23 | CVE-2023-1402 | The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | Moodle | 4.3 | ||
| 2023-03-23 | CVE-2023-28329 | Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | Moodle | 8.8 | ||
| 2023-03-23 | CVE-2023-28330 | Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default. | Moodle | 6.5 | ||
| 2023-03-23 | CVE-2023-28331 | Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | Moodle | 6.1 | ||
| 2023-03-23 | CVE-2023-28332 | If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. | Moodle | 6.1 | ||
| 2023-03-23 | CVE-2023-28333 | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | Fedora, Moodle | 9.8 | ||
| 2023-03-23 | CVE-2023-28334 | Authenticated users were able to enumerate other users' names via the learning plans page. | Moodle | 4.3 | ||
| 2023-03-23 | CVE-2023-28335 | The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | Moodle | 8.8 | ||
| 2023-03-23 | CVE-2023-28336 | Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | Fedora, Moodle | 4.3 | ||
| 2023-05-02 | CVE-2023-30943 | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | Extra_packages_for_enterprise_linux, Fedora, Moodle | 5.3 |