Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@2.2.0
Type composer
Namespace moodle
Name moodle
Version 2.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.2.2
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-1uce-2wtr-8bfg
vulnerability_id VCID-1uce-2wtr-8bfg
summary
Improper Input Validation
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977
1
reference_url http://openwall.com/lists/oss-security/2013/01/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/01/21/1
2
reference_url https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10
3
reference_url https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44
4
reference_url https://moodle.org/mod/forum/discuss.php?d=220160
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=220160
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6099
reference_id CVE-2012-6099
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6099
6
reference_url https://github.com/advisories/GHSA-cr78-rphw-w73p
reference_id GHSA-cr78-rphw-w73p
reference_type
scores
url https://github.com/advisories/GHSA-cr78-rphw-w73p
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.7
purl pkg:composer/moodle/moodle@2.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7
1
url pkg:composer/moodle/moodle@2.3.4
purl pkg:composer/moodle/moodle@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4
2
url pkg:composer/moodle/moodle@2.4.1
purl pkg:composer/moodle/moodle@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1
aliases CVE-2012-6099, GHSA-cr78-rphw-w73p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uce-2wtr-8bfg
1
url VCID-29gm-tfg6-xkey
vulnerability_id VCID-29gm-tfg6-xkey
summary
Moodle Authentication Bypass in Question-Bank
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239
1
reference_url http://openwall.com/lists/oss-security/2012/05/23/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2012/05/23/2
2
reference_url https://github.com/moodle/moodle/commit/0f83dd10a1d013e77906c7be4560126bb14c6b5c
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/0f83dd10a1d013e77906c7be4560126bb14c6b5c
3
reference_url https://github.com/moodle/moodle/commit/29e247e44e983f230f248192ffac8e7b7abe37fd
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/29e247e44e983f230f248192ffac8e7b7abe37fd
4
reference_url https://github.com/moodle/moodle/commit/51c5e6057c67687f5d872f8a228cfea275abf576
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/51c5e6057c67687f5d872f8a228cfea275abf576
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2356
reference_id CVE-2012-2356
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-2356
6
reference_url https://github.com/advisories/GHSA-3rqj-jchw-9cc7
reference_id GHSA-3rqj-jchw-9cc7
reference_type
scores
url https://github.com/advisories/GHSA-3rqj-jchw-9cc7
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.3
purl pkg:composer/moodle/moodle@2.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.3
aliases CVE-2012-2356, GHSA-3rqj-jchw-9cc7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29gm-tfg6-xkey
2
url VCID-2vsp-tbwq-1qhf
vulnerability_id VCID-2vsp-tbwq-1qhf
summary
Moodle does not enforce the forceloginforprofiles setting
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
3
reference_url http://openwall.com/lists/oss-security/2013/03/25/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/03/25/2
4
reference_url https://github.com/moodle/moodle/commit/3ecc63e9dbe29c6a5a8f65fa8e7980ba0fffb5a8
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/3ecc63e9dbe29c6a5a8f65fa8e7980ba0fffb5a8
5
reference_url https://moodle.org/mod/forum/discuss.php?d=225341
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=225341
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1830
reference_id CVE-2013-1830
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-1830
7
reference_url https://github.com/advisories/GHSA-8r7x-qq55-74v2
reference_id GHSA-8r7x-qq55-74v2
reference_type
scores
url https://github.com/advisories/GHSA-8r7x-qq55-74v2
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.8
purl pkg:composer/moodle/moodle@2.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8
1
url pkg:composer/moodle/moodle@2.3.5
purl pkg:composer/moodle/moodle@2.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5
2
url pkg:composer/moodle/moodle@2.4.2
purl pkg:composer/moodle/moodle@2.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2
aliases CVE-2013-1830, GHSA-8r7x-qq55-74v2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vsp-tbwq-1qhf
3
url VCID-41up-e414-hyba
vulnerability_id VCID-41up-e414-hyba
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
3
reference_url http://openwall.com/lists/oss-security/2013/03/25/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/03/25/2
4
reference_url https://moodle.org/mod/forum/discuss.php?d=225344
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=225344
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1833
reference_id CVE-2013-1833
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-1833
6
reference_url https://github.com/advisories/GHSA-89f3-74m6-g27g
reference_id GHSA-89f3-74m6-g27g
reference_type
scores
url https://github.com/advisories/GHSA-89f3-74m6-g27g
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.8
purl pkg:composer/moodle/moodle@2.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8
1
url pkg:composer/moodle/moodle@2.3.5
purl pkg:composer/moodle/moodle@2.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5
2
url pkg:composer/moodle/moodle@2.4.2
purl pkg:composer/moodle/moodle@2.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2
aliases CVE-2013-1833, GHSA-89f3-74m6-g27g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41up-e414-hyba
4
url VCID-4cdk-8y5v-nba1
vulnerability_id VCID-4cdk-8y5v-nba1
summary
Insertion of Sensitive Information into Log File
Moodle before 2.2.2 has users' private files included in course backups
references
0
reference_url http://docs.moodle.org/dev/Moodle_2.0.8_release_notes
reference_id
reference_type
scores
url http://docs.moodle.org/dev/Moodle_2.0.8_release_notes
1
reference_url http://docs.moodle.org/dev/Moodle_2.1.5_release_notes
reference_id
reference_type
scores
url http://docs.moodle.org/dev/Moodle_2.1.5_release_notes
2
reference_url http://docs.moodle.org/dev/Moodle_2.2.2_release_notes
reference_id
reference_type
scores
url http://docs.moodle.org/dev/Moodle_2.2.2_release_notes
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
5
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
6
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
7
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156
9
reference_url https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570
10
reference_url https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272
11
reference_url https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c
12
reference_url https://moodle.org/mod/forum/discuss.php?d=198623
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=198623
13
reference_url https://access.redhat.com/security/cve/cve-2012-1156
reference_id CVE-2012-1156
reference_type
scores
url https://access.redhat.com/security/cve/cve-2012-1156
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1156
reference_id CVE-2012-1156
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-1156
15
reference_url https://security-tracker.debian.org/tracker/CVE-2012-1156
reference_id CVE-2012-1156
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2012-1156
16
reference_url https://github.com/advisories/GHSA-358r-g2xw-7c83
reference_id GHSA-358r-g2xw-7c83
reference_type
scores
url https://github.com/advisories/GHSA-358r-g2xw-7c83
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.2
purl pkg:composer/moodle/moodle@2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2
aliases CVE-2012-1156, GHSA-358r-g2xw-7c83
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cdk-8y5v-nba1
5
url VCID-b2tv-8q9g-qqfz
vulnerability_id VCID-b2tv-8q9g-qqfz
summary
Improper Input Validation
The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
4
reference_url http://openwall.com/lists/oss-security/2013/05/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/05/21/1
5
reference_url https://moodle.org/mod/forum/discuss.php?d=228935
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=228935
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2083
reference_id CVE-2013-2083
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-2083
7
reference_url https://github.com/advisories/GHSA-m63h-q4x3-6hwj
reference_id GHSA-m63h-q4x3-6hwj
reference_type
scores
url https://github.com/advisories/GHSA-m63h-q4x3-6hwj
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.10
purl pkg:composer/moodle/moodle@2.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qgn8-zs2m-vkc4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.10
1
url pkg:composer/moodle/moodle@2.3.7
purl pkg:composer/moodle/moodle@2.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7
2
url pkg:composer/moodle/moodle@2.4.4
purl pkg:composer/moodle/moodle@2.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.4
aliases CVE-2013-2083, GHSA-m63h-q4x3-6hwj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2tv-8q9g-qqfz
6
url VCID-c9kg-rsj3-b3bw
vulnerability_id VCID-c9kg-rsj3-b3bw
summary
Exposure of Sensitive Information to an Unauthorized Actor
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
1
reference_url http://openwall.com/lists/oss-security/2012/05/23/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2012/05/23/2
2
reference_url https://github.com/moodle/moodle/commit/a645b79113b2ee7881b6bdae64a0c2a9f04db5c7
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/a645b79113b2ee7881b6bdae64a0c2a9f04db5c7
3
reference_url https://github.com/moodle/moodle/commit/ce13ea6ceb15f00c3cc6d40d79b06be39de7987a
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ce13ea6ceb15f00c3cc6d40d79b06be39de7987a
4
reference_url https://github.com/moodle/moodle/commit/cfaa50a61d61719c65aa7e26f5444852931e07b6
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/cfaa50a61d61719c65aa7e26f5444852931e07b6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2353
reference_id CVE-2012-2353
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-2353
6
reference_url https://github.com/advisories/GHSA-mr97-gvvg-rhgh
reference_id GHSA-mr97-gvvg-rhgh
reference_type
scores
url https://github.com/advisories/GHSA-mr97-gvvg-rhgh
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.3
purl pkg:composer/moodle/moodle@2.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.3
aliases CVE-2012-2353, GHSA-mr97-gvvg-rhgh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c9kg-rsj3-b3bw
7
url VCID-e2hb-w8g1-xbax
vulnerability_id VCID-e2hb-w8g1-xbax
summary
Incorrect Default Permissions
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157
6
reference_url https://github.com/moodle/moodle/commit/246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4
7
reference_url https://moodle.org/mod/forum/discuss.php?d=198624
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=198624
8
reference_url https://access.redhat.com/security/cve/cve-2012-1157
reference_id CVE-2012-1157
reference_type
scores
url https://access.redhat.com/security/cve/cve-2012-1157
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1157
reference_id CVE-2012-1157
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-1157
10
reference_url https://security-tracker.debian.org/tracker/CVE-2012-1157
reference_id CVE-2012-1157
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2012-1157
11
reference_url https://github.com/advisories/GHSA-2x36-7xfm-pgm7
reference_id GHSA-2x36-7xfm-pgm7
reference_type
scores
url https://github.com/advisories/GHSA-2x36-7xfm-pgm7
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.2
purl pkg:composer/moodle/moodle@2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2
aliases CVE-2012-1157, GHSA-2x36-7xfm-pgm7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2hb-w8g1-xbax
8
url VCID-et8t-f1u1-kudb
vulnerability_id VCID-et8t-f1u1-kudb
summary
Moodle Allows Unauthenticated Dropbox Access
The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872
1
reference_url http://openwall.com/lists/oss-security/2012/11/19/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2012/11/19/1
2
reference_url https://github.com/moodle/moodle/commit/8eb614d4bb4a80ed51520bca528530914082136f
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/8eb614d4bb4a80ed51520bca528530914082136f
3
reference_url https://github.com/moodle/moodle/commit/a3433213a1a2346c145e004ab1dc08b58279f910
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/a3433213a1a2346c145e004ab1dc08b58279f910
4
reference_url https://github.com/moodle/moodle/commit/c62a20c42b96f0195c4de075e5c58a4e7d381428
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/c62a20c42b96f0195c4de075e5c58a4e7d381428
5
reference_url https://github.com/moodle/moodle/commit/cd029574b699c74e55fa287f0b4db45d2dcf9fde
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/cd029574b699c74e55fa287f0b4db45d2dcf9fde
6
reference_url https://moodle.org/mod/forum/discuss.php?d=216155
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=216155
7
reference_url https://web.archive.org/web/20121202030020/http://www.securityfocus.com/bid/56505
reference_id
reference_type
scores
url https://web.archive.org/web/20121202030020/http://www.securityfocus.com/bid/56505
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5471
reference_id CVE-2012-5471
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-5471
9
reference_url https://github.com/advisories/GHSA-mpjx-8phj-5m34
reference_id GHSA-mpjx-8phj-5m34
reference_type
scores
url https://github.com/advisories/GHSA-mpjx-8phj-5m34
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.6
purl pkg:composer/moodle/moodle@2.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uce-2wtr-8bfg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.6
1
url pkg:composer/moodle/moodle@2.3.3
purl pkg:composer/moodle/moodle@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uce-2wtr-8bfg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.3
aliases CVE-2012-5471, GHSA-mpjx-8phj-5m34
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et8t-f1u1-kudb
9
url VCID-jbvt-9yy2-afb4
vulnerability_id VCID-jbvt-9yy2-afb4
summary
Exposure of Sensitive Information to an Unauthorized Actor
Moodle before 2.2.2: Overview report allows users to see hidden courses
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159
6
reference_url https://github.com/moodle/moodle/commit/31eae0eb1798642a2cabff2fdcf88af721632544
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/31eae0eb1798642a2cabff2fdcf88af721632544
7
reference_url https://moodle.org/mod/forum/discuss.php?d=198628
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=198628
8
reference_url https://access.redhat.com/security/cve/cve-2012-1159
reference_id CVE-2012-1159
reference_type
scores
url https://access.redhat.com/security/cve/cve-2012-1159
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1159
reference_id CVE-2012-1159
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-1159
10
reference_url https://security-tracker.debian.org/tracker/CVE-2012-1159
reference_id CVE-2012-1159
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2012-1159
11
reference_url https://github.com/advisories/GHSA-p9hr-f4xj-8w8r
reference_id GHSA-p9hr-f4xj-8w8r
reference_type
scores
url https://github.com/advisories/GHSA-p9hr-f4xj-8w8r
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.2
purl pkg:composer/moodle/moodle@2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2
aliases CVE-2012-1159, GHSA-p9hr-f4xj-8w8r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbvt-9yy2-afb4
10
url VCID-mh2f-ytz5-9fhg
vulnerability_id VCID-mh2f-ytz5-9fhg
summary
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
1
reference_url http://openwall.com/lists/oss-security/2013/01/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/01/21/1
2
reference_url https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
3
reference_url https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
4
reference_url https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
5
reference_url https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
6
reference_url https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
reference_id
reference_type
scores
url https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
7
reference_url https://moodle.org/mod/forum/discuss.php?d=220157
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=220157
8
reference_url https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
reference_id
reference_type
scores
url https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
9
reference_url https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036
reference_id
reference_type
scores
url https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6112
reference_id CVE-2012-6112
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6112
11
reference_url https://github.com/advisories/GHSA-fx5h-3786-h2w6
reference_id GHSA-fx5h-3786-h2w6
reference_type
scores
url https://github.com/advisories/GHSA-fx5h-3786-h2w6
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.7
purl pkg:composer/moodle/moodle@2.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7
1
url pkg:composer/moodle/moodle@2.3.4
purl pkg:composer/moodle/moodle@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4
2
url pkg:composer/moodle/moodle@2.4.1
purl pkg:composer/moodle/moodle@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1
aliases CVE-2012-6112, GHSA-fx5h-3786-h2w6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mh2f-ytz5-9fhg
11
url VCID-vgxb-fkuj-9fgk
vulnerability_id VCID-vgxb-fkuj-9fgk
summary
Exposure of Sensitive Information to an Unauthorized Actor
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
3
reference_url http://openwall.com/lists/oss-security/2013/03/25/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/03/25/2
4
reference_url https://github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727
5
reference_url https://github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8
6
reference_url https://github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32
7
reference_url https://github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190
8
reference_url https://moodle.org/mod/forum/discuss.php?d=225343
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=225343
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1832
reference_id CVE-2013-1832
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-1832
10
reference_url https://github.com/advisories/GHSA-pgp5-rcwp-qvfg
reference_id GHSA-pgp5-rcwp-qvfg
reference_type
scores
url https://github.com/advisories/GHSA-pgp5-rcwp-qvfg
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.8
purl pkg:composer/moodle/moodle@2.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8
1
url pkg:composer/moodle/moodle@2.3.5
purl pkg:composer/moodle/moodle@2.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5
2
url pkg:composer/moodle/moodle@2.4.2
purl pkg:composer/moodle/moodle@2.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2
aliases CVE-2013-1832, GHSA-pgp5-rcwp-qvfg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgxb-fkuj-9fgk
12
url VCID-y15n-cf9z-dyc4
vulnerability_id VCID-y15n-cf9z-dyc4
summary
Exposure of Sensitive Information to an Unauthorized Actor
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
3
reference_url http://openwall.com/lists/oss-security/2013/03/25/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/03/25/2
4
reference_url https://github.com/moodle/moodle/commit/2c7cdbb3b0b6ba4dd64297463d37a5acbd730216
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/2c7cdbb3b0b6ba4dd64297463d37a5acbd730216
5
reference_url https://github.com/moodle/moodle/commit/53c66110a878f4f4644728138ea97c22990263e3
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/53c66110a878f4f4644728138ea97c22990263e3
6
reference_url https://github.com/moodle/moodle/commit/8d220cb552d9c55b98aef70e2f40ef560efeb79b
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/8d220cb552d9c55b98aef70e2f40ef560efeb79b
7
reference_url https://github.com/moodle/moodle/commit/b3daaada49a2dd83a4f1e832465d5c318f9f275c
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/b3daaada49a2dd83a4f1e832465d5c318f9f275c
8
reference_url https://moodle.org/mod/forum/discuss.php?d=225342
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=225342
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1831
reference_id CVE-2013-1831
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-1831
10
reference_url https://github.com/advisories/GHSA-xr24-jp5c-6c4v
reference_id GHSA-xr24-jp5c-6c4v
reference_type
scores
url https://github.com/advisories/GHSA-xr24-jp5c-6c4v
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.8
purl pkg:composer/moodle/moodle@2.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8
1
url pkg:composer/moodle/moodle@2.3.5
purl pkg:composer/moodle/moodle@2.3.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5
2
url pkg:composer/moodle/moodle@2.4.2
purl pkg:composer/moodle/moodle@2.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2
aliases CVE-2013-1831, GHSA-xr24-jp5c-6c4v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y15n-cf9z-dyc4
13
url VCID-yyug-rt71-yfds
vulnerability_id VCID-yyug-rt71-yfds
summary
Moodle Users Can Bypass Deleted Status
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126
1
reference_url http://moodle.org/mod/forum/discuss.php?d=194016
reference_id
reference_type
scores
url http://moodle.org/mod/forum/discuss.php?d=194016
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=783532
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=783532
3
reference_url https://github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea
4
reference_url https://github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7
5
reference_url https://github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff
6
reference_url https://github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0797
reference_id CVE-2012-0797
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-0797
8
reference_url https://github.com/advisories/GHSA-72gv-qqrp-h9qg
reference_id GHSA-72gv-qqrp-h9qg
reference_type
scores
url https://github.com/advisories/GHSA-72gv-qqrp-h9qg
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.1
purl pkg:composer/moodle/moodle@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4cdk-8y5v-nba1
1
vulnerability VCID-e2hb-w8g1-xbax
2
vulnerability VCID-jbvt-9yy2-afb4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.1
aliases CVE-2012-0797, GHSA-72gv-qqrp-h9qg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyug-rt71-yfds
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.0