Vulnerabilities > Moodle > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-18 CVE-2024-38276 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Incorrect CSRF token checks resulted in multiple CSRF risks.
network
low complexity
fedoraproject moodle CWE-352
8.8
8.8
2024-05-31 CVE-2024-34008 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.
network
low complexity
moodle CWE-352
8.8
8.8
2023-11-09 CVE-2023-5539 Code Injection vulnerability in multiple products
A remote code execution risk was identified in the Lesson activity.
network
low complexity
moodle fedoraproject CWE-94
8.8
8.8
2023-11-09 CVE-2023-5540 Code Injection vulnerability in multiple products
A remote code execution risk was identified in the IMSCP activity.
network
low complexity
moodle fedoraproject CWE-94
8.8
8.8
2023-06-22 CVE-2023-35133 Server-Side Request Forgery (SSRF) vulnerability in Moodle
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk.
network
low complexity
moodle CWE-918
7.5
7.5
2023-05-02 CVE-2023-30944 SQL Injection vulnerability in multiple products
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages.
network
low complexity
moodle fedoraproject CWE-89
7.3
7.3
2023-03-23 CVE-2023-28329 SQL Injection vulnerability in Moodle
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
network
low complexity
moodle CWE-89
8.8
8.8
2023-03-23 CVE-2023-28335 Cross-Site Request Forgery (CSRF) vulnerability in Moodle 4.1.0/4.1.1
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
network
low complexity
moodle CWE-352
8.8
8.8
2023-03-06 CVE-2021-36395 Uncontrolled Recursion vulnerability in Moodle
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
network
low complexity
moodle CWE-674
7.5
7.5
2023-03-06 CVE-2021-36396 Server-Side Request Forgery (SSRF) vulnerability in Moodle
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
network
low complexity
moodle CWE-918
7.5
7.5