Vulnerabilities > Moodle > Moodle > 1.9.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-12-16 | CVE-2009-4300 | Information Exposure vulnerability in Moodle Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | 5.0 |
2009-12-16 | CVE-2009-4299 | Permissions, Privileges, and Access Controls vulnerability in Moodle mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | 5.0 |
2009-12-16 | CVE-2009-4298 | Information Exposure vulnerability in Moodle The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | 5.0 |
2009-12-16 | CVE-2009-4297 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |