| purl | pkg:composer/moodle/moodle@1.8.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-5brn-syjs-d3dp Aliases: CVE-2010-1619 GHSA-hhxf-w8hj-43w6 | Moodle vulnerable to Cross-site Scripting. Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities. | Affected by 0 other vulnerabilities. |
| VCID-6ed1-up33-77ex Aliases: CVE-2008-5153 GHSA-x7r4-26m9-hmgq | Moodle vulnerable to symlink attack. `spell-check-logic.cgi` in Moodle 1.9 before 1.9.4, 1.8 before 1.8.8, 1.7 before 1.7.7 and 1.6 before 1.6.9 allows local users to overwrite arbitrary files via a symlink attack on the (1) `/tmp/spell-check-debug.log`, (2) `/tmp/spell-check-before`, or (3) `/tmp/spell-check-after` temporary file. | Affected by 0 other vulnerabilities. |
| VCID-738a-akbf-n7am Aliases: CVE-2010-1613 GHSA-j5rc-cr5w-vfg6 | Moodle Session Fixation vulnerability. Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | Affected by 0 other vulnerabilities. |
| VCID-9c4r-bgx4-nkgm Aliases: CVE-2010-1617 GHSA-q53j-c866-h9mw | Moodle doesn't properly check role. user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. | Affected by 0 other vulnerabilities. |
| VCID-k46m-rrbx-mkfc Aliases: CVE-2010-1616 GHSA-966m-m549-2878 | Moodle is vulnerable to unauthorized new accounts creation. Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. | Affected by 0 other vulnerabilities. |
| VCID-q4tm-cf8e-dbhs Aliases: CVE-2010-1618 GHSA-45ch-hxgr-vx8j | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. | Affected by 0 other vulnerabilities. |
| VCID-snna-e5qt-gfeh Aliases: CVE-2010-1615 GHSA-9xp2-5fr9-7mwm | Moodle vulnerable to SQL injection. Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. | Affected by 0 other vulnerabilities. |
| VCID-x2dc-hrjw-eqfh Aliases: CVE-2010-1614 GHSA-5fgv-cvr8-xg48 | Moodle vulnerable to Cross-site Scripting. Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |