Vulnerabilities > Moodle > Moodle > 2.7.20

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2022-0334 Exposure of Resource to Wrong Sphere vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-668
4.3
4.3
2022-01-25 CVE-2022-0335 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-352
8.8
8.8
2021-11-22 CVE-2021-43558 Cross-site Scripting vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-79
6.1
6.1
2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-352
8.8
8.8
2021-11-22 CVE-2021-43560 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-668
5.3
5.3
2021-01-28 CVE-2021-20187 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Moodle
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
network
low complexity
moodle CWE-829
7.2
7.2
2020-02-17 CVE-2020-1692 Unspecified vulnerability in Moodle
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
network
low complexity
moodle
6.5
6.5
2019-07-31 CVE-2019-10186 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7.
network
low complexity
moodle CWE-352
8.8
8.8
2019-03-27 CVE-2019-3847 Cross-site Scripting vulnerability in Moodle
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17.
network
low complexity
moodle CWE-79
4.8
4.8
2019-03-26 CVE-2019-3848 Incorrect Authorization vulnerability in Moodle
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8.
network
low complexity
moodle CWE-863
4.3
4.3