Vulnerabilities > Moodle > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-12-08 | CVE-2020-25629 | Missing Authorization vulnerability in Moodle | A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. | network | low complexity | moodle | CWE-862 | 8.8 |
| 2020-11-19 | CVE-2020-25699 | Incorrect Authorization vulnerability in multiple products | In Moodle, insufficient capability checks could allow users with the ability to restore courses to add additional capabilities to roles within that course. | network | low complexity | moodle, fedoraproject | CWE-863 | 7.5 |
| 2020-11-19 | CVE-2020-25698 | Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. | | network | low complexity | moodle, fedoraproject | | 7.5 |
| 2020-05-21 | CVE-2020-10738 | Improper Input Validation vulnerability in Moodle | A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. | network | low complexity | moodle | CWE-20 | 8.8 |
| 2019-07-31 | CVE-2019-10186 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle | A flaw was found in Moodle before versions 3.7.1, 3.6.5, 3.5.7. | network | low complexity | moodle | CWE-352 | 8.8 |
| 2019-03-25 | CVE-2019-3809 | Server-Side Request Forgery (SSRF) vulnerability in Moodle | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. | network | low complexity | moodle | CWE-918 | 7.5 |
| 2018-07-10 | CVE-2018-10891 | Unspecified vulnerability in Moodle | A flaw was found in Moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. | network | low complexity | moodle | | 7.5 |
| 2017-03-26 | CVE-2017-2641 | SQL Injection vulnerability in Moodle | In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | network | low complexity | moodle | CWE-89 | 7.5 |
| 2016-10-28 | CVE-2016-7919 | SQL Injection vulnerability in Moodle 3.1.2 | Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. | network | low complexity | moodle | CWE-89 | 7.5 |
| 2016-02-22 | CVE-2015-5332 | Resource Management Errors vulnerability in Moodle | Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature. | network | | moodle | CWE-399 | 7.1 |