Vulnerabilities > Moodle

DATE CVE VULNERABILITY TITLE RISK
2022-04-29 CVE-2022-0984 Incorrect Authorization vulnerability in multiple products
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
network
low complexity
moodle fedoraproject redhat CWE-863
4.0
2022-04-29 CVE-2022-0985 Improper Authentication vulnerability in Moodle
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
network
low complexity
moodle CWE-287
4.0
2022-03-25 CVE-2022-0983 SQL Injection vulnerability in multiple products
An SQL injection risk was identified in Badges code relating to configuring criteria.
network
low complexity
moodle fedoraproject CWE-89
6.5
2022-03-11 CVE-2021-32472 Information Exposure vulnerability in Moodle
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances.
network
high complexity
moodle CWE-200
2.6
2022-03-11 CVE-2021-32473 Unspecified vulnerability in Moodle
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
network
low complexity
moodle
5.0
2022-03-11 CVE-2021-32474 SQL Injection vulnerability in Moodle
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host.
network
low complexity
moodle CWE-89
6.5
2022-03-11 CVE-2021-32475 Cross-site Scripting vulnerability in Moodle
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
network
moodle CWE-79
3.5
2022-03-11 CVE-2021-32476 Resource Exhaustion vulnerability in Moodle
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits.
network
low complexity
moodle CWE-400
5.0
2022-03-11 CVE-2021-32477 Information Exposure vulnerability in Moodle
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default).
network
low complexity
moodle CWE-200
4.0
2022-03-11 CVE-2021-32478 Cross-site Scripting vulnerability in Moodle
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks.
network
moodle CWE-79
4.3