3.9.6

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-18	CVE-2022-30598	A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. network low complexity moodle redhat fedoraproject	4.3
2022-05-18	CVE-2022-30599	SQL Injection vulnerability in multiple products A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. network low complexity moodle redhat fedoraproject CWE-89 critical	9.8
2022-05-18	CVE-2022-30600	Incorrect Calculation vulnerability in multiple products A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. network low complexity moodle redhat fedoraproject CWE-682 critical	9.8
2022-05-18	CVE-2022-30596	Cross-site Scripting vulnerability in multiple products A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. network low complexity moodle redhat fedoraproject CWE-79	5.4
2022-04-29	CVE-2022-0984	Incorrect Authorization vulnerability in multiple products Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. network low complexity moodle fedoraproject redhat CWE-863	4.0
2022-04-29	CVE-2022-0985	Incorrect Authorization vulnerability in Moodle Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. network low complexity moodle CWE-863	4.3
2022-03-25	CVE-2022-0983	SQL Injection vulnerability in multiple products An SQL injection risk was identified in Badges code relating to configuring criteria. network low complexity moodle fedoraproject CWE-89	8.8
2022-03-11	CVE-2021-32472	Missing Authorization vulnerability in Moodle Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. network low complexity moodle CWE-862	4.3
2022-03-11	CVE-2021-32473	Unspecified vulnerability in Moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. network low complexity moodle	5.0
2022-03-11	CVE-2021-32474	SQL Injection vulnerability in Moodle An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. network low complexity moodle CWE-89	6.5