Vulnerabilities > Moodle > Moodle > 2.1.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-26 | CVE-2018-16854 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. | 6.8 |
2018-09-17 | CVE-2018-14630 | Code Injection vulnerability in Moodle moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. | 6.5 |
2018-04-04 | CVE-2018-1081 | Unspecified vulnerability in Moodle A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. | 5.0 |
2018-01-22 | CVE-2018-1045 | Cross-site Scripting vulnerability in Moodle In Moodle 3.x, there is XSS via a calendar event name. | 3.5 |
2018-01-22 | CVE-2018-1044 | Information Exposure vulnerability in Moodle In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | 4.0 |
2018-01-22 | CVE-2018-1042 | Server-Side Request Forgery (SSRF) vulnerability in Moodle Moodle 3.x has Server Side Request Forgery in the filepicker. | 4.0 |
2017-11-20 | CVE-2017-15110 | Information Exposure vulnerability in Moodle In Moodle 3.x, students can find out email addresses of other students in the same course. | 4.0 |
2017-01-20 | CVE-2017-2576 | Improper Input Validation vulnerability in Moodle In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | 5.0 |
2017-01-20 | CVE-2016-8644 | Permissions, Privileges, and Access Controls vulnerability in Moodle In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | 5.0 |
2017-01-20 | CVE-2016-8643 | Improper Access Control vulnerability in Moodle In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | 4.0 |