Vulnerabilities > Moodle > Moodle > 4.0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-35132 | SQL Injection vulnerability in Moodle A limited SQL injection risk was identified on the Mnet SSO access control page. | 6.3 |
| 2023-06-22 | CVE-2023-35133 | Server-Side Request Forgery (SSRF) vulnerability in Moodle An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. | 7.5 |
| 2023-05-02 | CVE-2023-30944 | SQL Injection vulnerability in multiple products The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. | 7.3 |
| 2023-03-23 | CVE-2023-1402 | Exposure of Resource to Wrong Sphere vulnerability in Moodle The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | 4.3 |
| 2023-03-23 | CVE-2023-28329 | SQL Injection vulnerability in Moodle Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | 8.8 |
| 2023-03-23 | CVE-2023-28330 | Unspecified vulnerability in Moodle Insufficient sanitizing in backup resulted in an arbitrary file read risk. | 6.5 |
| 2023-03-23 | CVE-2023-28331 | Cross-site Scripting vulnerability in Moodle Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | 6.1 |
| 2023-03-23 | CVE-2023-28332 | Cross-site Scripting vulnerability in Moodle If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. | 6.1 |
| 2023-03-23 | CVE-2023-28333 | Code Injection vulnerability in multiple products The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | 9.8 |
| 2023-03-23 | CVE-2023-28334 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle Authenticated users were able to enumerate other users' names via the learning plans page. | 4.3 |