Vulnerabilities > Moodle > Moodle > 2.2.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-5549 | Improper Privilege Management vulnerability in multiple products Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | 5.3 |
| 2023-11-09 | CVE-2023-5550 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | 9.8 |
| 2023-11-09 | CVE-2023-5551 | Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | 3.3 |
| 2023-06-22 | CVE-2023-35132 | SQL Injection vulnerability in Moodle A limited SQL injection risk was identified on the Mnet SSO access control page. | 6.3 |
| 2023-06-22 | CVE-2023-35133 | Server-Side Request Forgery (SSRF) vulnerability in Moodle An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. | 7.5 |
| 2023-03-06 | CVE-2021-36402 | Unspecified vulnerability in Moodle In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | 5.3 |
| 2023-03-06 | CVE-2021-36403 | Unspecified vulnerability in Moodle In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | 5.3 |
| 2023-03-06 | CVE-2021-36397 | Unspecified vulnerability in Moodle In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | 5.3 |
| 2023-03-06 | CVE-2021-36400 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | 5.3 |
| 2023-03-06 | CVE-2021-36401 | Cross-site Scripting vulnerability in Moodle In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | 4.8 |