Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.1.0
Type composer
Namespace moodle
Name moodle
Version 3.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.1.5
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-2dxb-v1af-jbax
vulnerability_id VCID-2dxb-v1af-jbax
summary
Cross-Site Request Forgery (CSRF)
A CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=352355
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=352355
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7491
reference_id CVE-2017-7491
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7491
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
1
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q2fa-jymp-c3bb
1
vulnerability VCID-yp82-zj5g-pbaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7491
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dxb-v1af-jbax
1
url VCID-336n-hpzg-euhd
vulnerability_id VCID-336n-hpzg-euhd
summary
Cross-site Scripting
The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808
2
reference_url https://moodle.org/mod/forum/discuss.php?d=381228#p1536765
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=381228#p1536765
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3808
reference_id CVE-2019-3808
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3808
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.16
purl pkg:composer/moodle/moodle@3.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16
1
url pkg:composer/moodle/moodle@3.4.7
purl pkg:composer/moodle/moodle@3.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7
2
url pkg:composer/moodle/moodle@3.5.4
purl pkg:composer/moodle/moodle@3.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4
3
url pkg:composer/moodle/moodle@3.6.2
purl pkg:composer/moodle/moodle@3.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2
aliases CVE-2019-3808
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-336n-hpzg-euhd
2
url VCID-4rz2-b4e3-87g5
vulnerability_id VCID-4rz2-b4e3-87g5
summary
Injection Vulnerability
When a quiz question bank is imported, it is possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891
1
reference_url https://moodle.org/mod/forum/discuss.php?d=373371
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=373371
2
reference_url http://www.securityfocus.com/bid/104739
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104739
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10891
reference_id CVE-2018-10891
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-10891
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.13
purl pkg:composer/moodle/moodle@3.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.13
1
url pkg:composer/moodle/moodle@3.3.7
purl pkg:composer/moodle/moodle@3.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.7
2
url pkg:composer/moodle/moodle@3.4.4
purl pkg:composer/moodle/moodle@3.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.4
3
url pkg:composer/moodle/moodle@3.5.1
purl pkg:composer/moodle/moodle@3.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.1
aliases CVE-2018-10891
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rz2-b4e3-87g5
3
url VCID-5rbf-4dz3-2qdz
vulnerability_id VCID-5rbf-4dz3-2qdz
summary
Improper Privilege Management
Remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=352353
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=352353
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7489
reference_id CVE-2017-7489
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7489
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
1
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q2fa-jymp-c3bb
1
vulnerability VCID-yp82-zj5g-pbaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7489
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rbf-4dz3-2qdz
4
url VCID-65y9-9ur2-pugc
vulnerability_id VCID-65y9-9ur2-pugc
summary
Improper Input Validation
There is incorrect sanitization of attributes in forums.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=345912
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=345912
1
reference_url http://www.securityfocus.com/bid/95649
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95649
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2576
reference_id CVE-2017-2576
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2576
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.4
purl pkg:composer/moodle/moodle@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-dhku-uah4-ykh8
3
vulnerability VCID-jn5n-6hg9-tyf7
4
vulnerability VCID-vtq4-fpr8-hudb
5
vulnerability VCID-x927-nh46-7fdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4
1
url pkg:composer/moodle/moodle@3.2.1
purl pkg:composer/moodle/moodle@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qjr-wjh1-8fh6
1
vulnerability VCID-dhku-uah4-ykh8
2
vulnerability VCID-jn5n-6hg9-tyf7
3
vulnerability VCID-x927-nh46-7fdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1
aliases CVE-2017-2576
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc
5
url VCID-83kb-4mk9-t7ge
vulnerability_id VCID-83kb-4mk9-t7ge
summary
Information Exposure
Students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=361784
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=361784
1
reference_url http://www.securityfocus.com/bid/101909
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/101909
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15110
reference_id CVE-2017-15110
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-15110
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.9
purl pkg:composer/moodle/moodle@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9
1
url pkg:composer/moodle/moodle@3.2.6
purl pkg:composer/moodle/moodle@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-nc2j-pay7-ryab
3
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6
2
url pkg:composer/moodle/moodle@3.3.3
purl pkg:composer/moodle/moodle@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-nc2j-pay7-ryab
3
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3
aliases CVE-2017-15110
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge
6
url VCID-8mgr-gdzj-4ybs
vulnerability_id VCID-8mgr-gdzj-4ybs
summary
Information Exposure
A flaw was found in Moodle. It is possible for the `core_course_get_categories` web service to return hidden categories, which should be omitted when fetching course categories.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10890
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10890
1
reference_url https://moodle.org/mod/forum/discuss.php?d=373370
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=373370
2
reference_url http://www.securityfocus.com/bid/104738
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104738
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10890
reference_id CVE-2018-10890
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-10890
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.13
purl pkg:composer/moodle/moodle@3.1.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.13
1
url pkg:composer/moodle/moodle@3.3.7
purl pkg:composer/moodle/moodle@3.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.7
2
url pkg:composer/moodle/moodle@3.4.4
purl pkg:composer/moodle/moodle@3.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.4
3
url pkg:composer/moodle/moodle@3.5.1
purl pkg:composer/moodle/moodle@3.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.1
aliases CVE-2018-10890
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mgr-gdzj-4ybs
7
url VCID-9nd7-4wve-97hc
vulnerability_id VCID-9nd7-4wve-97hc
summary
Information Exposure
Various course reports allow teachers to view details about users in the groups they cannot access.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=358586
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=358586
1
reference_url http://www.securityfocus.com/bid/100848
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100848
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12157
reference_id CVE-2017-12157
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12157
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.8
purl pkg:composer/moodle/moodle@3.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.8
1
url pkg:composer/moodle/moodle@3.2.5
purl pkg:composer/moodle/moodle@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5
2
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-12157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nd7-4wve-97hc
8
url VCID-9t4u-n1pn-w3bd
vulnerability_id VCID-9t4u-n1pn-w3bd
summary
Server-Side Request Forgery (SSRF)
The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809
2
reference_url https://moodle.org/mod/forum/discuss.php?d=381229#p1536766
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=381229#p1536766
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3809
reference_id CVE-2019-3809
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3809
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.16
purl pkg:composer/moodle/moodle@3.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16
aliases CVE-2019-3809
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9t4u-n1pn-w3bd
9
url VCID-b7br-bh2d-rygp
vulnerability_id VCID-b7br-bh2d-rygp
summary
Improper Input Validation
An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371204
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371204
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1137
reference_id CVE-2018-1137
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1137
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.12
purl pkg:composer/moodle/moodle@3.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.12
1
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
2
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
3
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1137
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7br-bh2d-rygp
10
url VCID-bjnq-q2nd-1khp
vulnerability_id VCID-bjnq-q2nd-1khp
summary
Cross-Site Request Forgery (CSRF)
The login form is not protected by a token to prevent login cross-site request forgery.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854
2
reference_url https://moodle.org/mod/forum/discuss.php?d=378731
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=378731
3
reference_url http://www.securityfocus.com/bid/106017
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106017
4
reference_url http://www.securitytracker.com/id/1042154
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1042154
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16854
reference_id CVE-2018-16854
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-16854
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.15
purl pkg:composer/moodle/moodle@3.1.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-336n-hpzg-euhd
1
vulnerability VCID-9t4u-n1pn-w3bd
2
vulnerability VCID-k73h-z6j8-gkgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.15
1
url pkg:composer/moodle/moodle@3.3.9
purl pkg:composer/moodle/moodle@3.3.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.9
2
url pkg:composer/moodle/moodle@3.4.6
purl pkg:composer/moodle/moodle@3.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-336n-hpzg-euhd
1
vulnerability VCID-k73h-z6j8-gkgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.6
3
url pkg:composer/moodle/moodle@3.5.3
purl pkg:composer/moodle/moodle@3.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-336n-hpzg-euhd
1
vulnerability VCID-k73h-z6j8-gkgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.3
aliases CVE-2018-16854
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjnq-q2nd-1khp
11
url VCID-ckg1-9vpt-yfdk
vulnerability_id VCID-ckg1-9vpt-yfdk
summary
Improper Privilege Management
An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371200
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371200
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1134
reference_id CVE-2018-1134
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1134
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.12
purl pkg:composer/moodle/moodle@3.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.12
1
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
2
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
3
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1134
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckg1-9vpt-yfdk
12
url VCID-deur-8zdf-2kh2
vulnerability_id VCID-deur-8zdf-2kh2
summary
Improper Input Validation
The size of users' private file uploads via email was not correctly checked, so their quota allowance could be exceeded.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134
1
reference_url https://moodle.org/mod/forum/discuss.php?d=386524
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=386524
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10134
reference_id CVE-2019-10134
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10134
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.18
purl pkg:composer/moodle/moodle@3.1.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.18
1
url pkg:composer/moodle/moodle@3.4.9
purl pkg:composer/moodle/moodle@3.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.9
2
url pkg:composer/moodle/moodle@3.5.6
purl pkg:composer/moodle/moodle@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.6
3
url pkg:composer/moodle/moodle@3.6.4
purl pkg:composer/moodle/moodle@3.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4
aliases CVE-2019-10134
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-deur-8zdf-2kh2
13
url VCID-dhku-uah4-ykh8
vulnerability_id VCID-dhku-uah4-ykh8
summary
SQL Injection
An SQL injection can occur via user preferences.
references
0
reference_url http://www.securityfocus.com/bid/96977
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96977
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2641
reference_id CVE-2017-2641
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2641
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
1
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-b1q7-u3cx-ukej
3
vulnerability VCID-vtq4-fpr8-hudb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2641
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhku-uah4-ykh8
14
url VCID-e2zc-7ujn-wybu
vulnerability_id VCID-e2zc-7ujn-wybu
summary
Cross-site Scripting
There is XSS in the assignment submission page.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=345915
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=345915
1
reference_url http://www.securityfocus.com/bid/95647
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95647
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2578
reference_id CVE-2017-2578
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2578
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.4
purl pkg:composer/moodle/moodle@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-dhku-uah4-ykh8
3
vulnerability VCID-jn5n-6hg9-tyf7
4
vulnerability VCID-vtq4-fpr8-hudb
5
vulnerability VCID-x927-nh46-7fdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4
1
url pkg:composer/moodle/moodle@3.2.1
purl pkg:composer/moodle/moodle@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qjr-wjh1-8fh6
1
vulnerability VCID-dhku-uah4-ykh8
2
vulnerability VCID-jn5n-6hg9-tyf7
3
vulnerability VCID-x927-nh46-7fdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1
aliases CVE-2017-2578
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2zc-7ujn-wybu
15
url VCID-edf3-ktcc-gydc
vulnerability_id VCID-edf3-ktcc-gydc
summary
Information Exposure
In Moodle, glossary search displays entries without checking user permissions to view them.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=336697
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=336697
1
reference_url http://www.securityfocus.com/bid/92041
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92041
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5012
reference_id CVE-2016-5012
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5012
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.1
purl pkg:composer/moodle/moodle@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1
aliases CVE-2016-5012
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edf3-ktcc-gydc
16
url VCID-fegs-ubsk-63hu
vulnerability_id VCID-fegs-ubsk-63hu
summary
Information Exposure
An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371201
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371201
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1135
reference_id CVE-2018-1135
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1135
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.12
purl pkg:composer/moodle/moodle@3.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.12
1
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
2
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
3
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1135
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fegs-ubsk-63hu
17
url VCID-fsex-f512-pudv
vulnerability_id VCID-fsex-f512-pudv
summary
Injection Vulnerability
In Moodle, text injection can occur in email headers, potentially leading to outbound spam.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=336698
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=336698
1
reference_url http://www.securityfocus.com/bid/92040
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92040
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5013
reference_id CVE-2016-5013
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5013
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.1
purl pkg:composer/moodle/moodle@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1
aliases CVE-2016-5013
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv
18
url VCID-g8ct-c4ce-zuaf
vulnerability_id VCID-g8ct-c4ce-zuaf
summary
Cross-site Scripting
An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371202
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371202
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1136
reference_id CVE-2018-1136
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1136
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.12
purl pkg:composer/moodle/moodle@3.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.12
1
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
2
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
3
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1136
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ct-c4ce-zuaf
19
url VCID-jn5n-6hg9-tyf7
vulnerability_id VCID-jn5n-6hg9-tyf7
summary
Cross-site Scripting
An XSS can occur via evidence of prior learning.
references
0
reference_url http://www.securityfocus.com/bid/96979
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96979
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2644
reference_id CVE-2017-2644
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2644
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
1
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-b1q7-u3cx-ukej
3
vulnerability VCID-vtq4-fpr8-hudb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2644
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jn5n-6hg9-tyf7
20
url VCID-k73h-z6j8-gkgz
vulnerability_id VCID-k73h-z6j8-gkgz
summary
Information Exposure
The `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810
2
reference_url https://moodle.org/mod/forum/discuss.php?d=381230#p1536767
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=381230#p1536767
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3810
reference_id CVE-2019-3810
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3810
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.16
purl pkg:composer/moodle/moodle@3.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16
1
url pkg:composer/moodle/moodle@3.4.7
purl pkg:composer/moodle/moodle@3.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7
2
url pkg:composer/moodle/moodle@3.5.4
purl pkg:composer/moodle/moodle@3.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4
3
url pkg:composer/moodle/moodle@3.6.2
purl pkg:composer/moodle/moodle@3.6.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2
aliases CVE-2019-3810
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz
21
url VCID-m4zv-e3dn-budf
vulnerability_id VCID-m4zv-e3dn-budf
summary
Improper Access Control
Unauthenticated users can trigger custom messages to the admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to the admin after the request origin has been verified; otherwise the admin's email can be spammed.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=367938
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=367938
1
reference_url http://www.securityfocus.com/bid/103728
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103728
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1081
reference_id CVE-2018-1081
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1081
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.11
purl pkg:composer/moodle/moodle@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.11
1
url pkg:composer/moodle/moodle@3.2.8
purl pkg:composer/moodle/moodle@3.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8
2
url pkg:composer/moodle/moodle@3.3.5
purl pkg:composer/moodle/moodle@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5
3
url pkg:composer/moodle/moodle@3.4.2
purl pkg:composer/moodle/moodle@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2
aliases CVE-2018-1081
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf
22
url VCID-p2gd-7uam-mqf8
vulnerability_id VCID-p2gd-7uam-mqf8
summary
Injection Vulnerability
An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371199
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371199
1
reference_url https://www.exploit-db.com/exploits/46551/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46551/
2
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1133
reference_id CVE-2018-1133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1133
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.12
purl pkg:composer/moodle/moodle@3.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.12
1
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
2
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
3
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1133
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2gd-7uam-mqf8
23
url VCID-q2fa-jymp-c3bb
vulnerability_id VCID-q2fa-jymp-c3bb
summary
Information Exposure
Moodle has a user fullname disclosure through the user preferences page.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=355554
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=355554
1
reference_url http://www.securityfocus.com/bid/99606
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99606
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2642
reference_id CVE-2017-2642
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2642
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.7
purl pkg:composer/moodle/moodle@3.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9nd7-4wve-97hc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.7
1
url pkg:composer/moodle/moodle@3.2.4
purl pkg:composer/moodle/moodle@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9nd7-4wve-97hc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4
2
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-2642
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2fa-jymp-c3bb
24
url VCID-qtt4-455b-abb6
vulnerability_id VCID-qtt4-455b-abb6
summary
Exposure of Sensitive Information to an Unauthorized Actor
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
references
0
reference_url https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b
1
reference_url https://moodle.org/mod/forum/discuss.php?d=336699
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=336699
2
reference_url https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042
reference_id
reference_type
scores
url https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5014
reference_id CVE-2016-5014
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5014
4
reference_url https://github.com/advisories/GHSA-c4cq-v4wp-28hg
reference_id GHSA-c4cq-v4wp-28hg
reference_type
scores
url https://github.com/advisories/GHSA-c4cq-v4wp-28hg
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.1
purl pkg:composer/moodle/moodle@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1
aliases CVE-2016-5014, GHSA-c4cq-v4wp-28hg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt4-455b-abb6
25
url VCID-qxsq-ku22-r7gx
vulnerability_id VCID-qxsq-ku22-r7gx
summary
URL Redirection to Untrusted Site (Open Redirect)
The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133
1
reference_url https://moodle.org/mod/forum/discuss.php?d=386523
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=386523
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10133
reference_id CVE-2019-10133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10133
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.18
purl pkg:composer/moodle/moodle@3.1.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.18
1
url pkg:composer/moodle/moodle@3.4.9
purl pkg:composer/moodle/moodle@3.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.9
2
url pkg:composer/moodle/moodle@3.5.6
purl pkg:composer/moodle/moodle@3.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.6
3
url pkg:composer/moodle/moodle@3.6.4
purl pkg:composer/moodle/moodle@3.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4
aliases CVE-2019-10133
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxsq-ku22-r7gx
26
url VCID-v54t-5thx-1beu
vulnerability_id VCID-v54t-5thx-1beu
summary
Improper Access Control
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
references
0
reference_url https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f
1
reference_url https://moodle.org/mod/forum/discuss.php?d=343275
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=343275
2
reference_url https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441
reference_id
reference_type
scores
url https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8642
reference_id CVE-2016-8642
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-8642
4
reference_url https://github.com/advisories/GHSA-x32v-7qw8-cpq8
reference_id GHSA-x32v-7qw8-cpq8
reference_type
scores
url https://github.com/advisories/GHSA-x32v-7qw8-cpq8
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.3
purl pkg:composer/moodle/moodle@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65y9-9ur2-pugc
1
vulnerability VCID-e2zc-7ujn-wybu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3
aliases CVE-2016-8642, GHSA-x32v-7qw8-cpq8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu
27
url VCID-vb67-yux5-ayhf
vulnerability_id VCID-vb67-yux5-ayhf
summary
Weak Password Recovery Mechanism for Forgotten Password
In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=339631
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=339631
1
reference_url http://www.securityfocus.com/bid/93174
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93174
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7038
reference_id CVE-2016-7038
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-7038
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.2
purl pkg:composer/moodle/moodle@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k1bh-ymgt-e7cd
1
vulnerability VCID-v54t-5thx-1beu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2
aliases CVE-2016-7038
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf
28
url VCID-vfp6-4h8n-bkax
vulnerability_id VCID-vfp6-4h8n-bkax
summary
Code Injection
In Moodle, an XML import of ddwtos questions could lead to intentional remote code execution. When importing legacy `drag and drop into text` (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630
2
reference_url https://moodle.org/mod/forum/discuss.php?d=376023
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=376023
3
reference_url http://www.securityfocus.com/bid/105354
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105354
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14630
reference_id CVE-2018-14630
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14630
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.14
purl pkg:composer/moodle/moodle@3.1.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.14
1
url pkg:composer/moodle/moodle@3.3.8
purl pkg:composer/moodle/moodle@3.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.8
2
url pkg:composer/moodle/moodle@3.4.5
purl pkg:composer/moodle/moodle@3.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.5
3
url pkg:composer/moodle/moodle@3.5.2
purl pkg:composer/moodle/moodle@3.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.2
aliases CVE-2018-14630
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfp6-4h8n-bkax
29
url VCID-vtq4-fpr8-hudb
vulnerability_id VCID-vtq4-fpr8-hudb
summary
Exposure of Resource to Wrong Sphere
In Moodle, searching of arbitrary blogs is possible because a capability check is missing.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=352354
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=352354
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7490
reference_id CVE-2017-7490
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7490
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
1
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q2fa-jymp-c3bb
1
vulnerability VCID-yp82-zj5g-pbaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7490
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vtq4-fpr8-hudb
30
url VCID-x927-nh46-7fdy
vulnerability_id VCID-x927-nh46-7fdy
summary
Cross-site Scripting
In Moodle, an XSS can occur via attachments to evidence of prior learning.
references
0
reference_url http://www.securityfocus.com/bid/96982
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96982
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2645
reference_id CVE-2017-2645
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2645
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
1
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-b1q7-u3cx-ukej
3
vulnerability VCID-vtq4-fpr8-hudb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2645
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x927-nh46-7fdy
31
url VCID-yp82-zj5g-pbaf
vulnerability_id VCID-yp82-zj5g-pbaf
summary
Improper Privilege Management
Course creators are able to change system default settings for courses.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=355556
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=355556
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7532
reference_id CVE-2017-7532
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7532
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.7
purl pkg:composer/moodle/moodle@3.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9nd7-4wve-97hc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.7
1
url pkg:composer/moodle/moodle@3.2.4
purl pkg:composer/moodle/moodle@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9nd7-4wve-97hc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4
2
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-7532
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp82-zj5g-pbaf
32
url VCID-zgzm-wj81-jkah
vulnerability_id VCID-zgzm-wj81-jkah
summary
Cross-site Scripting
Moodle has an XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=358585
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=358585
1
reference_url http://www.securityfocus.com/bid/100867
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100867
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12156
reference_id CVE-2017-12156
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12156
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.9
purl pkg:composer/moodle/moodle@3.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9
1
url pkg:composer/moodle/moodle@3.2.6
purl pkg:composer/moodle/moodle@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-nc2j-pay7-ryab
3
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6
2
url pkg:composer/moodle/moodle@3.3.3
purl pkg:composer/moodle/moodle@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-nc2j-pay7-ryab
3
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3
aliases CVE-2017-12156
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.0