Vulnerabilities > Moodle

DATE CVE VULNERABILITY TITLE RISK
2022-03-11 CVE-2021-32477 Missing Authorization vulnerability in Moodle
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default).
network
low complexity
moodle CWE-862
4.3
4.3
2022-03-11 CVE-2021-32478 Unspecified vulnerability in Moodle
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks.
network
low complexity
moodle
6.1
6.1
2022-01-25 CVE-2022-0332 SQL Injection vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4.
network
low complexity
moodle CWE-89
critical
 9.8
9.8
2022-01-25 CVE-2022-0333 Incorrect Authorization vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-863
3.8
3.8
2022-01-25 CVE-2022-0334 Exposure of Resource to Wrong Sphere vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-668
4.3
4.3
2022-01-25 CVE-2022-0335 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-352
8.8
8.8
2021-11-22 CVE-2021-3943 Improper Input Validation vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle CWE-20
critical
 9.8
9.8
2021-11-22 CVE-2021-43558 Cross-site Scripting vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-79
6.1
6.1
2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-352
8.8
8.8
2021-11-22 CVE-2021-43560 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-668
5.3
5.3