Vulnerabilities > Moodle > Moodle > 2.0.8

DATE CVE VULNERABILITY TITLE RISK
2012-07-23 CVE-2012-3398 Unspecified vulnerability in Moodle
Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records.
network
low complexity
moodle
4.0
4.0
2012-07-23 CVE-2012-3397 Permissions, Privileges, and Access Controls vulnerability in Moodle
lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users.
network
low complexity
moodle CWE-264
4.0
4.0
2012-07-23 CVE-2012-3395 SQL Injection vulnerability in Moodle
SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.
network
low complexity
moodle CWE-89
6.5
6.5
2012-07-21 CVE-2012-2367 Permissions, Privileges, and Access Controls vulnerability in Moodle
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
network
low complexity
moodle CWE-264
4.0
4.0
2012-07-21 CVE-2012-2365 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
network
moodle CWE-79
3.5
3.5
2012-07-21 CVE-2012-2361 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.
network
moodle CWE-79
3.5
3.5
2012-07-21 CVE-2012-2360 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
network
moodle CWE-79
3.5
3.5
2012-07-21 CVE-2012-2358 Permissions, Privileges, and Access Controls vulnerability in Moodle
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist.
network
low complexity
moodle CWE-264
5.5
5.5