Vulnerabilities > Moodle > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-18 CVE-2022-30600 Incorrect Calculation vulnerability in multiple products
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
network
low complexity
moodle redhat fedoraproject CWE-682
critical
 9.8
9.8
2022-01-25 CVE-2022-0332 SQL Injection vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4.
network
low complexity
moodle CWE-89
critical
 9.8
9.8
2021-11-22 CVE-2021-3943 Improper Input Validation vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle CWE-20
critical
 9.8
9.8
2021-06-23 CVE-2021-21809 OS Command Injection vulnerability in Moodle 3.10.0
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10.
network
low complexity
moodle CWE-78
critical
 9.1
9.1
2020-03-31 CVE-2019-14880 Unspecified vulnerability in Moodle
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier.
network
low complexity
moodle
critical
 9.1
9.1
2019-03-25 CVE-2019-3809 Server-Side Request Forgery (SSRF) vulnerability in Moodle
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions.
network
low complexity
moodle CWE-918
critical
 10.0
10
2017-03-26 CVE-2017-2641 SQL Injection vulnerability in Moodle
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
network
low complexity
moodle CWE-89
critical
 9.8
9.8