Vulnerabilities > Moodle > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-30 | CVE-2022-40313 | Cross-site Scripting vulnerability in multiple products: Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 7.1 |
2022-08-16 | CVE-2020-14321 | Incorrect Authorization vulnerability in Moodle: In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | 8.8 |
2022-08-16 | CVE-2020-14322 | Allocation of Resources Without Limits or Throttling vulnerability in Moodle: In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the number of files it can load to help mitigate the risk of denial of service. | 7.5 |
2022-07-25 | CVE-2022-35650 | Improper Input Validation vulnerability in multiple products: The vulnerability, found in Moodle, occurs due to an input validation error when importing lesson questions. | 7.5 |
2022-03-25 | CVE-2022-0983 | SQL Injection vulnerability in multiple products: An SQL injection risk was identified in Badges code relating to configuring criteria. | 8.8 |
2022-03-11 | CVE-2021-32476 | Allocation of Resources Without Limits or Throttling vulnerability in Moodle: A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. | 7.5 |
2022-01-25 | CVE-2022-0332 | SQL Injection vulnerability in Moodle: A flaw was found in Moodle in versions 3.11 to 3.11.4. | 7.5 |
2022-01-25 | CVE-2022-0335 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle: A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. | 8.8 |
2021-11-22 | CVE-2021-43559 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 8.8 |
2021-01-28 | CVE-2021-20187 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Moodle: It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. | 7.2 |