Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist

moodle/moodle

packagist

Moodle - the world's open source learning platform

View on github.com · View on packagist.org

Security Advisories for moodle/moodle in packagist

Moderate
10 days ago

Moodle has a time restriction bypass GSA_kwCzR0hTQS13MjlqLThwaHctZmZqZs4ABNvP

packagist moodle/moodle
Moderate
10 days ago

Moodle's error handling leads to sensitive information disclosure GSA_kwCzR0hTQS1jNWNqLXhwNDMtcWNjM84ABNvr

packagist moodle/moodle
Moderate
10 days ago

Moodle does not properly enforce MFA GSA_kwCzR0hTQS0yNXdmLTd4NmMtd21wZs4ABNvu

packagist moodle/moodle
Moderate
10 days ago

Moodle exposed the names of hidden groups to users GSA_kwCzR0hTQS00MjJ2LXc2YzUtdnE0Ms4ABNvO

packagist moodle/moodle
High
10 days ago

Moodle vulnerable to brute-force password guesses GSA_kwCzR0hTQS1tNThmLTlwdnYtOG1wMs4ABNvN

packagist moodle/moodle
Moderate
10 days ago

Moodle sends quiz-related messages to inactive/suspended users GSA_kwCzR0hTQS04ZmN2LTRxcDktcGczMs4ABNvt

packagist moodle/moodle
Moderate
10 days ago

Moodle course access permissions are not properly checked in course_output_fragment_course_overview GSA_kwCzR0hTQS1yamNtLTd2MnAtOTI2Nc4ABNvn

packagist moodle/moodle
Moderate
4 months ago

Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter GSA_kwCzR0hTQS1jZ3Z2LTM0NTUtODI0as4ABJYe

packagist moodle/moodle
Moderate
6 months ago

Moodle allows IDOR when accessing the cohorts report GSA_kwCzR0hTQS0zNGc3LXBnOWotcHhncM4ABHLw

packagist moodle/moodle
High
6 months ago

Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository GSA_kwCzR0hTQS1jOHY2LXZ4aGYtd2Nycs4ABHLt

packagist moodle/moodle
Moderate
6 months ago

Moodle has reflected Cross-site Scripting risk in policy tool GSA_kwCzR0hTQS1oeGdnLTRxd3ctODVwaM4ABHLv

packagist moodle/moodle
Moderate
6 months ago

Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users GSA_kwCzR0hTQS02ZzV4LWg1eDctcTRtcc4ABHLo

packagist moodle/moodle
Low
6 months ago

Moodle has a CSRF risk in user tours manager that allows tour duplication GSA_kwCzR0hTQS04OHhqLTk3Z2YtN3dwcc4ABHLn

packagist moodle/moodle
Low
6 months ago

Moodle has a CSRF risk in Brickfield tool's analysis request action GSA_kwCzR0hTQS1tOHFoLWh4NGMtaDlocs4ABHLq

packagist moodle/moodle
High
6 months ago

Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository GSA_kwCzR0hTQS1tMzY3LTQ0NWMtMnhxcs4ABHLu

packagist moodle/moodle
Low
6 months ago

Moodle's mod_data edit/delete pages pass CSRF token in GET parameter GSA_kwCzR0hTQS05dmMzLXZtNDItZmpobc4ABHLx

packagist moodle/moodle
Moderate
6 months ago

Moodle has an IDOR in messaging web service which allows access to some user details GSA_kwCzR0hTQS1wajk2LXhoMnctZmdxeM4ABHLz

packagist moodle/moodle
Moderate
6 months ago

Moodle allows IDOR in RSS block, which allows access to additional RSS feeds GSA_kwCzR0hTQS1jaG1mLW0zM3AtcGg4bc4ABHLm

packagist moodle/moodle
Moderate
6 months ago

Moodle's AJAX section delete does not respect course_can_delete_section() GSA_kwCzR0hTQS1jcG03LW12MzMtandmOM4ABHLr

packagist moodle/moodle
High
6 months ago

Moodle allows unauthenticated REST API user data exposure GSA_kwCzR0hTQS0zNDVxLTlqbXEtZzlxNM4ABHLl

packagist moodle/moodle
Moderate
6 months ago

Moodle shows hidden grades to users without permission on some grade reports GSA_kwCzR0hTQS04bTdjLWhtODgtMnA5N84ABHLj

packagist moodle/moodle
Moderate
6 months ago

Moodle makes some user data available before completing second factor with MFA enabled GSA_kwCzR0hTQS14NDVqLWpxOXEtZ2Yzcc4ABHLe

packagist moodle/moodle
Moderate
6 months ago

Moodle self enrollment available before completing second factor with MFA enabled GSA_kwCzR0hTQS1xaGM3LXhoYzItN3A3d84ABHLh

packagist moodle/moodle
Moderate
6 months ago

Moodle reveals student identities through assignment submissions search on anonymous submissions GSA_kwCzR0hTQS02OW05LXJwcmMtMng3Z84ABHLp

packagist moodle/moodle
Low
8 months ago

Moodle has an IDOR in badges allows disabling of arbitrary badges GSA_kwCzR0hTQS1nODh3LXY0Y3EtcWdjcM4ABEvP

packagist moodle/moodle
High
8 months ago

Moodle allows reflected XSS via question bank filter GSA_kwCzR0hTQS00dzMyLWM5ZzctMjdxeM4ABEvV

packagist moodle/moodle
High
8 months ago

Moodle has a SQL injection risk in course search module list filter GSA_kwCzR0hTQS1yZzU2LTk0ajctaGp4Oc4ABEvW

packagist moodle/moodle
High
8 months ago

Moodle has a stored XSS risk in admin live log GSA_kwCzR0hTQS13cjg4LXg4Y20tN2Nncc4ABEvU

packagist moodle/moodle
High
8 months ago

Moodle has an arbitrary file read risk through pdfTeX GSA_kwCzR0hTQS00aG1yLTM5dnAteGZycs4ABEvO

packagist moodle/moodle
Low
8 months ago

Moodle has a stored XSS in ddimageortext question type GSA_kwCzR0hTQS1oNjk3LXc0cGgtN3BjeM4ABEvR

packagist moodle/moodle
Low
8 months ago

Moodle allows teachers to evade trusttext config when restoring glossary entries GSA_kwCzR0hTQS1jdzI0LWY2ZnEtN2o5ds4ABEvT

packagist moodle/moodle
Moderate
8 months ago

Moodle's feedback response viewing and deletions did not respect Separate Groups mode GSA_kwCzR0hTQS1weGc0LXhqcDctdzljNc4ABEvQ

packagist moodle/moodle
Moderate
8 months ago

Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block GSA_kwCzR0hTQS01cjg1LTZoN2Ytcmczcs4ABEvS

packagist moodle/moodle
Moderate
12 months ago

Moodle IDOR when accessing list of course badges GSA_kwCzR0hTQS1yNHhyLW0zOTMtNzc4bc4ABBlP

packagist moodle/moodle
Moderate
12 months ago

Moodle Lesson activity password bypass through PHP loose comparison GSA_kwCzR0hTQS14ZnY3LWgycWctcmptN84ABBlL

packagist moodle/moodle
Moderate
12 months ago

Moodle allows users to retrieve information they did not have permission to access GSA_kwCzR0hTQS1qODIyLXg1Z2ctNXI1Ns4ABBlQ

packagist moodle/moodle
Moderate
12 months ago

Moodle IDOR when deleting OAuth2 linked accounts GSA_kwCzR0hTQS1maGcyLXIyaDktaDdxOM4ABBlV

packagist moodle/moodle
Moderate
12 months ago

moodle: IDOR when fetching report schedules GSA_kwCzR0hTQS1tZzU0LXAyd2otNXBoN84ABBdH

packagist moodle/moodle
Moderate
12 months ago

moodle: IDOR in edit/delete RSS feed GSA_kwCzR0hTQS14M3g5LTM0OXgtMjQ4Nc4ABBdA

packagist moodle/moodle
Moderate
12 months ago

Moodle leaks user names GSA_kwCzR0hTQS1jcTVmLXd2N3AtNWdmY84ABBdI

packagist moodle/moodle
Moderate
12 months ago

moodle: Some users can delete audiences of other reports GSA_kwCzR0hTQS1manE5LTQ1Mmctamczcc4ABBdJ

packagist moodle/moodle
Moderate
12 months ago

Moodle IDOR when accessing list of badge recipients GSA_kwCzR0hTQS1nOHIzLTJ2ODktajZyNc4ABBS_

packagist moodle/moodle
Moderate
12 months ago

Moodle reflected XSS via H5P error message GSA_kwCzR0hTQS1oamdjLWp4amMtOHY5as4ABBLW

packagist moodle/moodle
Low
12 months ago

Moodle Cross-site Scripting vulnerability GSA_kwCzR0hTQS00aGpmLTZweHItNTQ5aM4ABBK9

packagist moodle/moodle
Low
12 months ago

Moodle has insufficient access control GSA_kwCzR0hTQS1qcGYyLTlwcHAtMmM0Oc4ABBLG

packagist moodle/moodle
Low
12 months ago

Moodle's user/power level management inconsistent with suspended users GSA_kwCzR0hTQS1xOTl4LW1qbWgtdjh3N84ABBLL

packagist moodle/moodle
Low
12 months ago

Moodle authorization headers preserved between "emulated redirects" GSA_kwCzR0hTQS03d21wLTJ4bXgtZzZoOM4ABBLI

packagist moodle/moodle
Low
12 months ago

Moodle admin presets export tool includes some secrets that should not be exported GSA_kwCzR0hTQS12cHE1LTU2amotdmYybc4ABBLH

packagist moodle/moodle
Low
12 months ago

Moodle has user information visibility control issues in gradebook reports GSA_kwCzR0hTQS1jNzY3LTR3aGgtdjdyd84ABBLJ

packagist moodle/moodle
Low
12 months ago

Moodle has insufficient capability checks GSA_kwCzR0hTQS00Z3EyLXg1dzQtN2hwOM4ABBK8

packagist moodle/moodle
Moderate
12 months ago

Moodle vulnerable to site administration SQL injection via XMLDB editor GSA_kwCzR0hTQS1teDI2LTYyeG0tMnA4M84ABBDv

packagist moodle/moodle
High
12 months ago

Moodle has CSRF risk in Feedback non-respondents report GSA_kwCzR0hTQS14ODdyLTM3cTUtbW1yOM4ABBDt

packagist moodle/moodle
Moderate
12 months ago

Moodle vulnerable to cache poisoning via injection into storage GSA_kwCzR0hTQS0ycjltLXdnMzUtcmZ2Y84ABBDp

packagist moodle/moodle
Moderate
12 months ago

Moodle's IDOR in badges allows deletion of arbitrary badges GSA_kwCzR0hTQS13d2pmLWd3cnYtd2g0Nc4ABBDw

packagist moodle/moodle
Moderate
12 months ago

Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users GSA_kwCzR0hTQS1wOWN4LWY1OTUtaDc5aM4ABBDu

packagist moodle/moodle
Moderate
12 months ago

Moodle has arbitrary file read risk through pdfTeX GSA_kwCzR0hTQS12am1tLXI5Z2ctNDI1bc4ABBDo

packagist moodle/moodle
Moderate
12 months ago

Moodle LFI vulnerability when restoring malformed block backups GSA_kwCzR0hTQS1xcnF2LTI2Z2YteGd3aM4ABBDs

packagist moodle/moodle
High
12 months ago

Moodle Remote Code Execution vulnerability GSA_kwCzR0hTQS12NmY0LXY4aDgtM2M4N84ABBDq

packagist moodle/moodle
Moderate
over 1 year ago

Moodle stored XSS via calendar's event title when deleting the event GSA_kwCzR0hTQS1wNWNnLTZyZnItNm14OM4AA9KE

packagist moodle/moodle
Moderate
over 1 year ago

Moodle BigBlueButton web service leaks meeting joining information GSA_kwCzR0hTQS14Mjl4LXF3dngtZnhyMs4AA9KB

packagist moodle/moodle
Moderate
over 1 year ago

Moodle CSRF risks due to misuse of confirm_sesskey GSA_kwCzR0hTQS0zNTZnLTd4MzYtN20zNM4AA9J-

packagist moodle/moodle
Moderate
over 1 year ago

Moodle uses the same key for QR login and auto-login GSA_kwCzR0hTQS1yODJ3LTNwaGctcXZyNM4AA9KF

packagist moodle/moodle
Moderate
over 1 year ago

Moodle HTTP authorization header is preserved between "emulated redirects" GSA_kwCzR0hTQS1wMmNqLTg2djQtNzc4Ms4AA9KA

packagist moodle/moodle
Moderate
over 1 year ago

Moodle Unsanitized HTML in site log for config_log_created GSA_kwCzR0hTQS12dmg1LTd2M20tajNtas4AA8lo

packagist moodle/moodle
High
over 1 year ago

Moodle Authenticated LFI risk in some misconfigured shared hosting environments GSA_kwCzR0hTQS1tbTlwLXh3Zm0tM2ZxZs4AA8ln

packagist moodle/moodle
Moderate
over 1 year ago

Moodle Authenticated LFI risk in some misconfigured shared hosting environments GSA_kwCzR0hTQS1xM2NtLWNjcm0tMm1yNs4AA8lp

packagist moodle/moodle
Moderate
over 1 year ago

Moodle Logout CSRF in admin/tool/mfa/auth.php GSA_kwCzR0hTQS04ZzVoLWdqd3EtdzVjaM4AA8lj

packagist moodle/moodle
High
over 1 year ago

Moodle Authenticated LFI risk in some misconfigured shared hosting environments GSA_kwCzR0hTQS1yOTlxLWhtcXYteHc4d84AA8lr

packagist moodle/moodle
Moderate
over 1 year ago

Moodle Authenticated LFI risk in some misconfigured shared hosting environments GSA_kwCzR0hTQS1qZzRmLTh3OXgtanYzNc4AA8lm

packagist moodle/moodle
High
over 1 year ago

Moodle CSRF risk in analytics management of models GSA_kwCzR0hTQS02OHg1LTRqZzUtZ2pnZ84AA8ls

packagist moodle/moodle
High
over 1 year ago

Moodle ReCAPTCHA can be bypassed on the login page GSA_kwCzR0hTQS1nd2Y2LXE2YzItOTRwM84AA8ll

packagist moodle/moodle
High
over 1 year ago

Moodle CSRF risk in admin preset tool management of presets GSA_kwCzR0hTQS1ncTlmLThyajQtdzdqY84AA8lh

packagist moodle/moodle
Moderate
over 1 year ago

Moodle Cross-site Scripting (XSS) GSA_kwCzR0hTQS04cXdoLTR2d3YtN2M1bc4AA8lc

packagist moodle/moodle
High
over 1 year ago

Moodle Improper Input Validation GSA_kwCzR0hTQS1yMnd4LTQ2Z3AtcnAzaM4AA8lg

packagist moodle/moodle
Moderate
over 1 year ago

Moodle broken access control when setting calendar event type GSA_kwCzR0hTQS00cXd3LXJ4cTYteDdnZs4AA8lf

packagist moodle/moodle
Moderate
over 1 year ago

Moodle Cross-site Scripting (XSS) GSA_kwCzR0hTQS14cWhoLTI1M3ctNHE1Zs4AA8lb

packagist moodle/moodle
Moderate
over 1 year ago

Moodle stored Cross-site Scripting (XSS) GSA_kwCzR0hTQS05cWdxLTkzYzctOWhtNM4AA8la

packagist moodle/moodle
Moderate
over 1 year ago

Cross-site Scripting in Moodle Chat GSA_kwCzR0hTQS1mNm1oLTc5dmgtMmh2N84AA6Os

packagist moodle/moodle
Moderate
over 1 year ago

Cross site scripting in moodle GSA_kwCzR0hTQS0zcXc1LXY5Y2MtdjI2Ms4AA6Nd

packagist moodle/moodle
Moderate
over 1 year ago

Improper Access Control in moodle GSA_kwCzR0hTQS1jcDhtLWg3NzctZzRwM84AA5Xw

packagist moodle/moodle
Moderate
over 1 year ago

Improper Access Control in moodle GSA_kwCzR0hTQS1qZnJnLTlocHEtOWh2cM4AA5Xx

packagist moodle/moodle
High
over 1 year ago

Cross-Site Request Forgery in moodle GSA_kwCzR0hTQS03cGpwLWZtOTMtcDZwas4AA5Xy

packagist moodle/moodle
Moderate
over 1 year ago

Authorization Bypass in moodle GSA_kwCzR0hTQS05cjI2LTV3ODgtcWhwOc4AA5X0

packagist moodle/moodle
Moderate
over 1 year ago

Improper Handling of Parameters in moodle GSA_kwCzR0hTQS02dmpmLTQ4Zmgtdnh4as4AA5Xv

packagist moodle/moodle
High
over 1 year ago

Uncontrolled Resource Consumption in moodle GSA_kwCzR0hTQS00ODdnLTNtM3YtaGpocc4AA5Xz

packagist moodle/moodle
Moderate
over 1 year ago

Moodle Improper Access Control vulnerability GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability GSA_kwCzR0hTQS1jd2gyLXE0NHgtNXczY84AA3Bl

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Cross-site Scripting vulnerability GSA_kwCzR0hTQS05Z3FwLTNnMjgtdzl4Y84AA3B4

packagist moodle/moodle
Low
almost 2 years ago

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Code Injection vulnerability GSA_kwCzR0hTQS01Y3Z4LWN3cHgtOXJqaM4AA3Br

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Improper Access Control vulnerability GSA_kwCzR0hTQS1mbTVoLTU4ZzItNG0zZs4AA3Bj

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability GSA_kwCzR0hTQS0yNmZnLXYzMnItaDY2M84AA3Bo

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Cross-site Scripting vulnerability GSA_kwCzR0hTQS1qNXhmLWd2ODktZzQyMs4AA3Bq

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Code Injection vulnerability GSA_kwCzR0hTQS0zeHhtLTNnM2MtdzU3Oc4AA3B3

packagist moodle/moodle
High
almost 2 years ago

Moodle Code Injection vulnerability GSA_kwCzR0hTQS13OHgyLXc0cXItdjN4NM4AA3Bg

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Improper Access Control vulnerability GSA_kwCzR0hTQS04bW0yLW0yZ3AtYzZ4Ms4AA3Bn

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Cross-site Scripting vulnerability GSA_kwCzR0hTQS05NzI0LWg4cDctcjNqds4AA3Bk

packagist moodle/moodle
Moderate
almost 2 years ago

Moodle Cross-site Scripting vulnerability GSA_kwCzR0hTQS0yOGdjLTRxcTUtOHEyNs4AA3Bi

packagist moodle/moodle
High
over 2 years ago

Moodle vulnerable to Server Side Request Forgery GSA_kwCzR0hTQS14eHA0LW1mNGgtNmN3bc4AA0AO

packagist moodle/moodle
Moderate
over 2 years ago

Moodle vulnerable to SQL Injection GSA_kwCzR0hTQS00OW12LXZmY3AtOGdnOc4AA0AP

packagist moodle/moodle

Filter by Severity

Moderate 313 High 62 Low 34 Critical 16