Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.2.0
Type composer
Namespace moodle
Name moodle
Version 3.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.2.9
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-2dxb-v1af-jbax
vulnerability_id VCID-2dxb-v1af-jbax
summary
Cross-Site Request Forgery (CSRF)
A CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=352355
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=352355
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7491
reference_id CVE-2017-7491
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7491
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q2fa-jymp-c3bb
1
vulnerability VCID-yp82-zj5g-pbaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7491
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dxb-v1af-jbax
1
url VCID-2qjr-wjh1-8fh6
vulnerability_id VCID-2qjr-wjh1-8fh6
summary
Information Exposure
In Moodle, global search displays user names for unauthenticated users.
references
0
reference_url http://www.securityfocus.com/bid/96978
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96978
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2643
reference_id CVE-2017-2643
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2643
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-b1q7-u3cx-ukej
3
vulnerability VCID-vtq4-fpr8-hudb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2643
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjr-wjh1-8fh6
2
url VCID-5rbf-4dz3-2qdz
vulnerability_id VCID-5rbf-4dz3-2qdz
summary
Improper Privilege Management
Remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=352353
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=352353
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7489
reference_id CVE-2017-7489
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7489
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q2fa-jymp-c3bb
1
vulnerability VCID-yp82-zj5g-pbaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7489
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rbf-4dz3-2qdz
3
url VCID-65y9-9ur2-pugc
vulnerability_id VCID-65y9-9ur2-pugc
summary
Improper Input Validation
There is incorrect sanitization of attributes in forums.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=345912
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=345912
1
reference_url http://www.securityfocus.com/bid/95649
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95649
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2576
reference_id CVE-2017-2576
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2576
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.1
purl pkg:composer/moodle/moodle@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qjr-wjh1-8fh6
1
vulnerability VCID-dhku-uah4-ykh8
2
vulnerability VCID-jn5n-6hg9-tyf7
3
vulnerability VCID-x927-nh46-7fdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1
aliases CVE-2017-2576
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc
4
url VCID-83kb-4mk9-t7ge
vulnerability_id VCID-83kb-4mk9-t7ge
summary
Information Exposure
Students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=361784
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=361784
1
reference_url http://www.securityfocus.com/bid/101909
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/101909
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15110
reference_id CVE-2017-15110
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-15110
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.6
purl pkg:composer/moodle/moodle@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-nc2j-pay7-ryab
3
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6
1
url pkg:composer/moodle/moodle@3.3.3
purl pkg:composer/moodle/moodle@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-nc2j-pay7-ryab
3
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3
aliases CVE-2017-15110
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge
5
url VCID-9nd7-4wve-97hc
vulnerability_id VCID-9nd7-4wve-97hc
summary
Information Exposure
Various course reports allow teachers to view details about users in the groups they cannot access.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=358586
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=358586
1
reference_url http://www.securityfocus.com/bid/100848
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100848
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12157
reference_id CVE-2017-12157
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12157
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.5
purl pkg:composer/moodle/moodle@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5
1
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-12157
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nd7-4wve-97hc
6
url VCID-ajkr-fxa1-mkhk
vulnerability_id VCID-ajkr-fxa1-mkhk
summary
Cross-site Scripting
Moodle is vulnerable to XSS via a calendar event name.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=364384
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=364384
1
reference_url http://www.securityfocus.com/bid/102755
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102755
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1045
reference_id CVE-2018-1045
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1045
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.7
purl pkg:composer/moodle/moodle@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7
1
url pkg:composer/moodle/moodle@3.3.4
purl pkg:composer/moodle/moodle@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fygy-9njn-abgd
1
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4
aliases CVE-2018-1045
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk
7
url VCID-b7br-bh2d-rygp
vulnerability_id VCID-b7br-bh2d-rygp
summary
Improper Input Validation
An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371204
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371204
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1137
reference_id CVE-2018-1137
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1137
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1137
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7br-bh2d-rygp
8
url VCID-ckg1-9vpt-yfdk
vulnerability_id VCID-ckg1-9vpt-yfdk
summary
Improper Privilege Management
An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371200
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371200
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1134
reference_id CVE-2018-1134
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1134
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1134
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckg1-9vpt-yfdk
9
url VCID-dhku-uah4-ykh8
vulnerability_id VCID-dhku-uah4-ykh8
summary
SQL Injection
An SQL injection can occur via user preferences.
references
0
reference_url http://www.securityfocus.com/bid/96977
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96977
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2641
reference_id CVE-2017-2641
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2641
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-b1q7-u3cx-ukej
3
vulnerability VCID-vtq4-fpr8-hudb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2641
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhku-uah4-ykh8
10
url VCID-duna-st9c-mqbk
vulnerability_id VCID-duna-st9c-mqbk
summary
Information Exposure
In Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=364383
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=364383
1
reference_url http://www.securityfocus.com/bid/102754
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102754
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1044
reference_id CVE-2018-1044
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1044
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.7
purl pkg:composer/moodle/moodle@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7
1
url pkg:composer/moodle/moodle@3.3.4
purl pkg:composer/moodle/moodle@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fygy-9njn-abgd
1
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4
2
url pkg:composer/moodle/moodle@3.4.1
purl pkg:composer/moodle/moodle@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fygy-9njn-abgd
1
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1
aliases CVE-2018-1044
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk
11
url VCID-e2zc-7ujn-wybu
vulnerability_id VCID-e2zc-7ujn-wybu
summary
Cross-site Scripting
There is XSS in the assignment submission page.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=345915
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=345915
1
reference_url http://www.securityfocus.com/bid/95647
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95647
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2578
reference_id CVE-2017-2578
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2578
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.1
purl pkg:composer/moodle/moodle@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qjr-wjh1-8fh6
1
vulnerability VCID-dhku-uah4-ykh8
2
vulnerability VCID-jn5n-6hg9-tyf7
3
vulnerability VCID-x927-nh46-7fdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1
aliases CVE-2017-2578
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2zc-7ujn-wybu
12
url VCID-fegs-ubsk-63hu
vulnerability_id VCID-fegs-ubsk-63hu
summary
Information Exposure
An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371201
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371201
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1135
reference_id CVE-2018-1135
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1135
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1135
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fegs-ubsk-63hu
13
url VCID-g8ct-c4ce-zuaf
vulnerability_id VCID-g8ct-c4ce-zuaf
summary
Cross-site Scripting
An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371202
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371202
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1136
reference_id CVE-2018-1136
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1136
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1136
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ct-c4ce-zuaf
14
url VCID-jn5n-6hg9-tyf7
vulnerability_id VCID-jn5n-6hg9-tyf7
summary
Cross-site Scripting
An XSS can occur via evidence of prior learning.
references
0
reference_url http://www.securityfocus.com/bid/96979
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96979
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2644
reference_id CVE-2017-2644
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2644
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-b1q7-u3cx-ukej
3
vulnerability VCID-vtq4-fpr8-hudb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2644
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jn5n-6hg9-tyf7
15
url VCID-m4zv-e3dn-budf
vulnerability_id VCID-m4zv-e3dn-budf
summary
Improper Access Control
Unauthenticated users can trigger custom messages to admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to admin after the request origin was verified; otherwise admin email can be spammed.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=367938
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=367938
1
reference_url http://www.securityfocus.com/bid/103728
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103728
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1081
reference_id CVE-2018-1081
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1081
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.8
purl pkg:composer/moodle/moodle@3.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8
1
url pkg:composer/moodle/moodle@3.3.5
purl pkg:composer/moodle/moodle@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5
2
url pkg:composer/moodle/moodle@3.4.2
purl pkg:composer/moodle/moodle@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2
aliases CVE-2018-1081
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf
16
url VCID-nc2j-pay7-ryab
vulnerability_id VCID-nc2j-pay7-ryab
summary
Insufficient Access Control
The setting for blocked hosts list can be bypassed with multiple A record `hostnames`.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=364382
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=364382
1
reference_url http://www.securityfocus.com/bid/102769
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102769
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1043
reference_id CVE-2018-1043
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1043
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.7
purl pkg:composer/moodle/moodle@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7
1
url pkg:composer/moodle/moodle@3.3.4
purl pkg:composer/moodle/moodle@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fygy-9njn-abgd
1
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4
2
url pkg:composer/moodle/moodle@3.4.1
purl pkg:composer/moodle/moodle@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fygy-9njn-abgd
1
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1
aliases CVE-2018-1043
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab
17
url VCID-p2gd-7uam-mqf8
vulnerability_id VCID-p2gd-7uam-mqf8
summary
Injection Vulnerability
An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371199
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371199
1
reference_url https://www.exploit-db.com/exploits/46551/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46551/
2
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1133
reference_id CVE-2018-1133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1133
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1133
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2gd-7uam-mqf8
18
url VCID-q2fa-jymp-c3bb
vulnerability_id VCID-q2fa-jymp-c3bb
summary
Information Exposure
Moodle has a user fullname disclosure through the user preferences page.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=355554
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=355554
1
reference_url http://www.securityfocus.com/bid/99606
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99606
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2642
reference_id CVE-2017-2642
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2642
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.4
purl pkg:composer/moodle/moodle@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9nd7-4wve-97hc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4
1
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-2642
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2fa-jymp-c3bb
19
url VCID-vtq4-fpr8-hudb
vulnerability_id VCID-vtq4-fpr8-hudb
summary
Exposure of Resource to Wrong Sphere
In Moodle, searching of arbitrary blogs is possible because a capability check is missing.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=352354
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=352354
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7490
reference_id CVE-2017-7490
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7490
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q2fa-jymp-c3bb
1
vulnerability VCID-yp82-zj5g-pbaf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7490
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vtq4-fpr8-hudb
20
url VCID-x927-nh46-7fdy
vulnerability_id VCID-x927-nh46-7fdy
summary
Cross-site Scripting
In Moodle, an XSS can occur via attachments to evidence of prior learning.
references
0
reference_url http://www.securityfocus.com/bid/96982
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96982
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2645
reference_id CVE-2017-2645
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2645
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-b1q7-u3cx-ukej
3
vulnerability VCID-vtq4-fpr8-hudb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2645
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x927-nh46-7fdy
21
url VCID-yghg-775s-vber
vulnerability_id VCID-yghg-775s-vber
summary
Server-Side Request Forgery (SSRF)
Moodle has Server Side Request Forgery in the `filepicker`.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=364381
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=364381
1
reference_url http://www.securityfocus.com/bid/102752
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102752
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1042
reference_id CVE-2018-1042
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1042
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.7
purl pkg:composer/moodle/moodle@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7
1
url pkg:composer/moodle/moodle@3.3.4
purl pkg:composer/moodle/moodle@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fygy-9njn-abgd
1
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4
2
url pkg:composer/moodle/moodle@3.4.1
purl pkg:composer/moodle/moodle@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fygy-9njn-abgd
1
vulnerability VCID-m4zv-e3dn-budf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1
aliases CVE-2018-1042
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber
22
url VCID-yp82-zj5g-pbaf
vulnerability_id VCID-yp82-zj5g-pbaf
summary
Improper Privilege Management
Course creators are able to change system default settings for courses.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=355556
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=355556
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7532
reference_id CVE-2017-7532
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7532
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.4
purl pkg:composer/moodle/moodle@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9nd7-4wve-97hc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4
1
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-83kb-4mk9-t7ge
1
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-7532
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp82-zj5g-pbaf
23
url VCID-zgzm-wj81-jkah
vulnerability_id VCID-zgzm-wj81-jkah
summary
Cross-site Scripting
Moodle has an XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=358585
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=358585
1
reference_url http://www.securityfocus.com/bid/100867
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100867
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12156
reference_id CVE-2017-12156
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12156
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.6
purl pkg:composer/moodle/moodle@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-nc2j-pay7-ryab
3
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6
1
url pkg:composer/moodle/moodle@3.3.3
purl pkg:composer/moodle/moodle@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ajkr-fxa1-mkhk
1
vulnerability VCID-duna-st9c-mqbk
2
vulnerability VCID-nc2j-pay7-ryab
3
vulnerability VCID-yghg-775s-vber
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3
aliases CVE-2017-12156
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.0