Vulnerabilities > Moodle

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2022-30597 A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
network
low complexity
moodle redhat fedoraproject
5.0
2022-05-18 CVE-2022-30598 A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
network
low complexity
moodle redhat fedoraproject
4.0
2022-05-18 CVE-2022-30599 SQL Injection vulnerability in multiple products
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
network
low complexity
moodle redhat fedoraproject CWE-89
7.5
2022-05-18 CVE-2022-30600 Incorrect Calculation vulnerability in multiple products
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
network
low complexity
moodle redhat fedoraproject CWE-682
7.5
2022-05-18 CVE-2022-30596 Cross-site Scripting vulnerability in multiple products
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
3.5
2022-04-29 CVE-2022-0984 Incorrect Authorization vulnerability in multiple products
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
network
low complexity
moodle fedoraproject redhat CWE-863
4.0
2022-04-29 CVE-2022-0985 Improper Authentication vulnerability in Moodle
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
network
low complexity
moodle CWE-287
4.0
2022-03-25 CVE-2022-0983 SQL Injection vulnerability in multiple products
An SQL injection risk was identified in Badges code relating to configuring criteria.
network
low complexity
moodle fedoraproject CWE-89
6.5
2022-03-11 CVE-2021-32472 Missing Authorization vulnerability in Moodle
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances.
network
high complexity
moodle CWE-862
2.6
2022-03-11 CVE-2021-32473 Unspecified vulnerability in Moodle
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
network
low complexity
moodle
5.0