Vulnerabilities > Moodle > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-08 | CVE-2020-25629 | Missing Authorization vulnerability in Moodle A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. | 8.8 |
2020-11-19 | CVE-2020-25699 | Incorrect Authorization vulnerability in multiple products In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. | 7.5 |
2020-11-19 | CVE-2020-25698 | Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. | 7.5 |
2020-05-21 | CVE-2020-10738 | Improper Input Validation vulnerability in Moodle A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. | 8.8 |
2019-07-31 | CVE-2019-10186 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. | 8.8 |
2019-03-25 | CVE-2019-3809 | Server-Side Request Forgery (SSRF) vulnerability in Moodle A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. | 7.5 |
2018-07-10 | CVE-2018-10891 | Unspecified vulnerability in Moodle A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. | 7.5 |
2017-03-26 | CVE-2017-2641 | SQL Injection vulnerability in Moodle In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | 7.5 |
2016-10-28 | CVE-2016-7919 | SQL Injection vulnerability in Moodle 3.1.2 Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. | 7.5 |
2016-02-22 | CVE-2015-5332 | Resource Management Errors vulnerability in Moodle Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature. | 7.1 |