Vulnerabilities > Moodle > Moodle > 3.1.16
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-06 | CVE-2021-36392 | SQL Injection vulnerability in Moodle: In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | 9.8 |
2023-03-06 | CVE-2021-36393 | SQL Injection vulnerability in Moodle: In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | 9.8 |
2023-03-06 | CVE-2021-36394 | Unspecified vulnerability in Moodle: In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | 9.8 |
2023-03-06 | CVE-2021-36395 | Uncontrolled Recursion vulnerability in Moodle: In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | 7.5 |
2023-03-06 | CVE-2021-36396 | Server-Side Request Forgery (SSRF) vulnerability in Moodle: In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | 7.5 |
2022-11-25 | CVE-2022-45152 | Server-Side Request Forgery (SSRF) vulnerability in multiple products: A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. | 9.1 |
2022-09-29 | CVE-2021-40691 | Unspecified vulnerability in Moodle: A session hijack risk was identified in the Shibboleth authentication plugin. | 4.3 |
2022-09-29 | CVE-2021-40693 | Improper Authentication vulnerability in Moodle: An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | 6.5 |
2022-09-29 | CVE-2021-40694 | Improper Encoding or Escaping of Output vulnerability in Moodle: Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | 4.9 |
2022-04-29 | CVE-2022-0985 | Incorrect Authorization vulnerability in Moodle: Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | 4.3 |