Vulnerabilities > Moodle > Moodle > 1.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-29 | CVE-2021-40691 | Unspecified vulnerability in Moodle A session hijack risk was identified in the Shibboleth authentication plugin. | 4.3 |
| 2022-09-29 | CVE-2021-40693 | Improper Authentication vulnerability in Moodle An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | 6.5 |
| 2022-09-29 | CVE-2021-40694 | Improper Encoding or Escaping of Output vulnerability in Moodle Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | 4.9 |
| 2022-04-29 | CVE-2022-0985 | Incorrect Authorization vulnerability in Moodle Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | 4.3 |
| 2022-03-11 | CVE-2021-32473 | Unspecified vulnerability in Moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | 5.0 |
| 2022-03-11 | CVE-2021-32474 | SQL Injection vulnerability in Moodle An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. | 6.5 |
| 2022-03-11 | CVE-2021-32475 | Cross-site Scripting vulnerability in Moodle ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | 3.5 |
| 2022-03-11 | CVE-2021-32476 | Allocation of Resources Without Limits or Throttling vulnerability in Moodle A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. | 7.5 |
| 2022-03-11 | CVE-2021-32478 | Cross-site Scripting vulnerability in Moodle The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. | 6.1 |
| 2022-01-25 | CVE-2022-0333 | Incorrect Authorization vulnerability in Moodle A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. | 3.8 |