Search for packages
| purl | pkg:composer/moodle/moodle@2.1.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2mpa-ysw3-kbdg
Aliases: CVE-2012-2356 GHSA-3rqj-jchw-9cc7 |
Moodle Authentication Bypass in Question-Bank The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4ays-sgtv-2ugg
Aliases: CVE-2012-1156 GHSA-358r-g2xw-7c83 |
Moodle backs up private files Moodle before 2.2.2, 2.1.5, and 2.0.8 had users' private files included in course backups unnecessarily. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-5fnh-btdr-cbcz
Aliases: CVE-2011-4582 GHSA-jcrj-x36p-h9f6 |
Moodle Open Redirect in Calendar Set Page Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. |
Affected by 0 other vulnerabilities. |
|
VCID-6fbt-nz6e-nbd2
Aliases: CVE-2012-6099 GHSA-cr78-rphw-w73p |
Moodle Arbitrary File Read via Backup Functionality The moodle1 backup converter in `backup/converter/moodle1/lib.php` in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 227 other vulnerabilities. Affected by 230 other vulnerabilities. |
|
VCID-7wfy-ub8w-zub2
Aliases: CVE-2011-4298 GHSA-8hxm-42v5-66hm |
Moodle vulnerable to Cross-Site Request Forgery Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. |
Affected by 0 other vulnerabilities. |
|
VCID-9vnd-cada-2ufg
Aliases: CVE-2011-4301 GHSA-jcrj-gmr6-p5j8 |
Moodle Allows Modification of Constants The `MoodleQuickForm` class in the Forms Library in `lib/formslib.php` in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API `setConstant` operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields. |
Affected by 0 other vulnerabilities. |
|
VCID-bvjv-cdnz-hfe5
Aliases: CVE-2012-5471 GHSA-mpjx-8phj-5m34 |
Moodle Allows Unauthenticated Dropbox Access The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-c6cg-mekw-bfc9
Aliases: CVE-2011-4299 GHSA-h6px-pvfh-q2jv |
Moodle vulnerable to Cross-Site Scripting Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment. |
Affected by 0 other vulnerabilities. |
|
VCID-h159-uuxe-vfa1
Aliases: CVE-2012-2353 GHSA-mr97-gvvg-rhgh |
Moodle Exposes Sensitive User Information Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hum9-nt6p-6kde
Aliases: CVE-2011-4293 GHSA-wxvp-8q8h-r6rr |
Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors. |
Affected by 0 other vulnerabilities. |
|
VCID-j6nc-cnze-53dr
Aliases: CVE-2011-4203 GHSA-4w8m-96v9-2c86 |
Moodle CRLF Injection Vulnerability in Calendar Component CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. |
Affected by 0 other vulnerabilities. |
|
VCID-nfyh-8p8f-6qhc
Aliases: CVE-2011-4297 GHSA-62wv-866c-rh86 |
Moodle does not properly restrict comment capabilities comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity. |
Affected by 0 other vulnerabilities. |
|
VCID-nyge-5v2a-6fh7
Aliases: CVE-2012-1159 GHSA-p9hr-f4xj-8w8r |
Moodle included private user files in course backups Moodle before 2.2.2 is vulnerable to information disclosure because course backups were including users' private files. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ts9s-qsve-37dw
Aliases: CVE-2012-0797 GHSA-72gv-qqrp-h9qg |
Moodle Users Can Bypass Deleted Status The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-uert-vark-uyb4
Aliases: CVE-2011-4300 GHSA-9p54-pc88-36c4 |
Moodle does not properly restrict access to category and course data The `file_browser` component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. |
Affected by 0 other vulnerabilities. |
|
VCID-vpm4-thxc-tqb6
Aliases: CVE-2012-1157 GHSA-2x36-7xfm-pgm7 |
Moodle default permissions too permissive Moodle before 2.2.2 default settings allowed all repositories to be viewable by all authenticated users. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-weqz-n7rq-6ubc
Aliases: CVE-2011-4294 GHSA-hxmp-8f47-x9fc |
Moodle Open Redirect Via Error Messages The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via error message links that lead offsite. |
Affected by 0 other vulnerabilities. |
|
VCID-zzux-kjjt-f3fg
Aliases: CVE-2012-6112 GHSA-fx5h-3786-h2w6 |
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 227 other vulnerabilities. Affected by 230 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||