Vulnerabilities > Moodle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-5539 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. | 8.8 |
| 2023-11-09 | CVE-2023-5540 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. | 8.8 |
| 2023-06-22 | CVE-2023-35133 | Server-Side Request Forgery (SSRF) vulnerability in Moodle An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. | 7.5 |
| 2023-05-02 | CVE-2023-30944 | SQL Injection vulnerability in multiple products The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. | 7.3 |
| 2023-03-23 | CVE-2023-28329 | SQL Injection vulnerability in Moodle Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | 8.8 |
| 2023-03-23 | CVE-2023-28335 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle 4.1.0/4.1.1 The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | 8.8 |
| 2023-03-06 | CVE-2021-36395 | Uncontrolled Recursion vulnerability in Moodle In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | 7.5 |
| 2023-03-06 | CVE-2021-36396 | Server-Side Request Forgery (SSRF) vulnerability in Moodle In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | 7.5 |
| 2023-02-17 | CVE-2023-23923 | Unspecified vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. | 8.2 |
| 2022-10-06 | CVE-2022-2986 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | 8.8 |