Search CVE reports
291 – 300 of 659 results
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Ignored |
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using the OAuth2 authentication method was once confirmed but later suspended, the user could still log in to the site.
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Ignored |
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to the admin via the PayPal enrol script. PayPal IPN callback script...
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Ignored |
In Moodle 3.x, there is XSS via a calendar event name.
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Ignored |
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Ignored |
In Moodle 3.x, the setting for the blocked hosts list can be bypassed with multiple A record hostnames.
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Ignored |
Moodle 3.x has Server Side Request Forgery in the filepicker.
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Ignored |
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This...
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | — | — | — | — | — |
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Vulnerable |
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
1 affected package
moodle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not in release | Vulnerable |