Vulnerabilities > Moodle

DATE CVE VULNERABILITY TITLE RISK
2017-04-20 CVE-2016-3734 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
network
low complexity
moodle CWE-352
8.8
8.8
2017-04-20 CVE-2016-3733 Improper Access Control vulnerability in Moodle
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
network
low complexity
moodle CWE-284
4.3
4.3
2017-04-20 CVE-2016-3732 Information Exposure vulnerability in Moodle
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
network
low complexity
moodle CWE-200
4.3
4.3
2017-04-20 CVE-2016-3731 Information Exposure vulnerability in Moodle
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.
network
low complexity
moodle CWE-200
5.3
5.3
2017-04-20 CVE-2016-3729 Improper Access Control vulnerability in Moodle
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.
network
low complexity
moodle CWE-284
6.5
6.5
2017-03-29 CVE-2017-7298 Cross-site Scripting vulnerability in Moodle 3.2.2
In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.
network
low complexity
moodle CWE-79
5.4
5.4
2017-03-26 CVE-2017-2645 Cross-site Scripting vulnerability in Moodle
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
network
low complexity
moodle CWE-79
6.1
6.1
2017-03-26 CVE-2017-2644 Cross-site Scripting vulnerability in Moodle
In Moodle 3.x, XSS can occur via evidence of prior learning.
network
low complexity
moodle CWE-79
6.1
6.1
2017-03-26 CVE-2017-2643 Information Exposure vulnerability in Moodle 3.2.0/3.2.1
In Moodle 3.2.x, global search displays user names for unauthenticated users.
network
low complexity
moodle CWE-200
5.3
5.3
2017-03-26 CVE-2017-2641 SQL Injection vulnerability in Moodle
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
network
low complexity
moodle CWE-89
critical
 9.8
9.8