Total
539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3325 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2025-04-09 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. | |||||
| CVE-2009-4302 | 1 Moodle | 1 Moodle | 2025-04-09 | 5.0 MEDIUM | N/A |
| login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | |||||
| CVE-2009-4301 | 1 Moodle | 1 Moodle | 2025-04-09 | 6.0 MEDIUM | N/A |
| mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | |||||
| CVE-2008-3326 | 1 Moodle | 1 Moodle | 2025-04-09 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title). | |||||
| CVE-2006-5219 | 1 Moodle | 1 Moodle | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter. | |||||
| CVE-2004-1425 | 1 Moodle | 1 Moodle | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter. | |||||
| CVE-2004-2235 | 1 Moodle | 1 Moodle | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text. | |||||
| CVE-2004-2234 | 1 Moodle | 1 Moodle | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. | |||||
| CVE-2004-0725 | 1 Moodle | 1 Moodle | 2025-04-03 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2005-2247 | 1 Moodle | 1 Moodle | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors. | |||||
| CVE-2006-4935 | 1 Moodle | 1 Moodle | 2025-04-03 | 10.0 HIGH | N/A |
| The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors. | |||||
| CVE-2004-2236 | 1 Moodle | 1 Moodle | 2025-04-03 | 10.0 HIGH | N/A |
| Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. | |||||
| CVE-2005-3648 | 1 Moodle | 1 Moodle | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. | |||||
| CVE-2004-1978 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | |||||
| CVE-2006-0146 | 6 John Lim, Mantis, Mediabeez and 3 more | 6 Adodb, Mantis, Mediabeez and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
| The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. | |||||
| CVE-2006-4936 | 1 Moodle | 1 Moodle | 2025-04-03 | 10.0 HIGH | N/A |
| Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors. | |||||
| CVE-2005-3649 | 1 Moodle | 1 Moodle | 2025-04-03 | 2.6 LOW | N/A |
| jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. | |||||
| CVE-2006-4942 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.6 MEDIUM | N/A |
| Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. | |||||
| CVE-2004-1711 | 1 Moodle | 1 Moodle | 2025-04-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. | |||||
| CVE-2006-4940 | 1 Moodle | 1 Moodle | 2025-04-03 | 5.0 MEDIUM | N/A |
| login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. | |||||