Vulnerabilities > Moodle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-07-20 | CVE-2011-4590 | Improper Authentication vulnerability in Moodle The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | 4.0 |
| 2012-07-20 | CVE-2011-4589 | Permissions, Privileges, and Access Controls vulnerability in Moodle backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | 5.5 |
| 2012-07-20 | CVE-2011-4583 | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | 6.5 |
| 2012-07-20 | CVE-2011-4582 | Improper Input Validation vulnerability in Moodle 2.1.0/2.1.1/2.1.2 Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | 4.9 |
| 2012-07-17 | CVE-2012-0799 | Information Exposure vulnerability in Moodle Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | 4.3 |
| 2012-07-17 | CVE-2012-0798 | Permissions, Privileges, and Access Controls vulnerability in Moodle The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | 5.5 |
| 2012-07-17 | CVE-2012-0797 | Configuration vulnerability in Moodle The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | 5.5 |
| 2012-07-17 | CVE-2012-0795 | Improper Input Validation vulnerability in Moodle Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | 6.5 |
| 2012-07-11 | CVE-2011-4308 | Permissions, Privileges, and Access Controls vulnerability in Moodle mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | 4.0 |
| 2011-12-22 | CVE-2011-4203 | Code Injection vulnerability in Moodle CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | 5.0 |