Vulnerabilities > Moodle > Moodle > 2.3.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-01-27 | CVE-2012-6100 | Permissions, Privileges, and Access Controls vulnerability in Moodle report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. | 4.0 |
2013-01-27 | CVE-2012-6099 | Improper Input Validation vulnerability in Moodle The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. | 4.0 |
2013-01-27 | CVE-2012-6098 | Permissions, Privileges, and Access Controls vulnerability in Moodle grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | 4.0 |
2012-11-21 | CVE-2012-5481 | Permissions, Privileges, and Access Controls vulnerability in Moodle 2.3.0/2.3.1/2.3.2 Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. | 4.0 |
2012-11-21 | CVE-2012-5480 | Permissions, Privileges, and Access Controls vulnerability in Moodle The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | 6.4 |
2012-11-21 | CVE-2012-5479 | Permissions, Privileges, and Access Controls vulnerability in Moodle The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | 6.5 |
2012-11-21 | CVE-2012-5473 | Information Exposure vulnerability in Moodle The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search. | 4.0 |
2012-11-21 | CVE-2012-5472 | Permissions, Privileges, and Access Controls vulnerability in Moodle lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. | 4.0 |
2012-11-21 | CVE-2012-5471 | Permissions, Privileges, and Access Controls vulnerability in Moodle The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. | 6.5 |