Vulnerabilities > Moodle > Moodle > 2.7.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2019-3848 | Incorrect Authorization vulnerability in Moodle A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. | 4.3 |
| 2018-11-26 | CVE-2018-16854 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. | 6.8 |
| 2018-09-17 | CVE-2018-14630 | Code Injection vulnerability in Moodle moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. | 6.5 |
| 2018-04-04 | CVE-2018-1081 | Unspecified vulnerability in Moodle A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. | 5.0 |
| 2018-01-22 | CVE-2018-1045 | Cross-site Scripting vulnerability in Moodle In Moodle 3.x, there is XSS via a calendar event name. | 3.5 |
| 2018-01-22 | CVE-2018-1044 | Information Exposure vulnerability in Moodle In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | 4.0 |
| 2018-01-22 | CVE-2018-1042 | Server-Side Request Forgery (SSRF) vulnerability in Moodle Moodle 3.x has Server Side Request Forgery in the filepicker. | 4.0 |
| 2017-11-20 | CVE-2017-15110 | Information Exposure vulnerability in Moodle In Moodle 3.x, students can find out email addresses of other students in the same course. | 4.0 |
| 2017-05-15 | CVE-2017-7491 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | 4.3 |
| 2017-05-15 | CVE-2017-7490 | Exposure of Resource to Wrong Sphere vulnerability in Moodle In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | 5.0 |