Vulnerabilities > Moodle > Moodle > 1.9.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-04-29 | CVE-2010-1617 | Permissions, Privileges, and Access Controls vulnerability in Moodle user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. | 4.0 |
2010-04-29 | CVE-2010-1616 | Unspecified vulnerability in Moodle Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. | 4.0 |
2010-04-29 | CVE-2010-1615 | SQL Injection vulnerability in Moodle Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. | 7.5 |
2010-04-29 | CVE-2010-1614 | Cross-Site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. | 4.3 |
2010-04-29 | CVE-2010-1613 | Improper Authentication vulnerability in Moodle Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | 6.8 |