Search for packages
| purl | pkg:composer/moodle/moodle@2.2.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2mpa-ysw3-kbdg
Aliases: CVE-2012-2356 GHSA-3rqj-jchw-9cc7 |
Moodle Authentication Bypass in Question-Bank The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. |
Affected by 0 other vulnerabilities. |
|
VCID-4ays-sgtv-2ugg
Aliases: CVE-2012-1156 GHSA-358r-g2xw-7c83 |
Moodle backs up private files Moodle before 2.2.2, 2.1.5, and 2.0.8 had users' private files included in course backups unnecessarily. |
Affected by 0 other vulnerabilities. |
|
VCID-5zd6-mgm1-nqh7
Aliases: CVE-2013-1830 GHSA-8r7x-qq55-74v2 |
Moodle does not enforce the forceloginforprofiles setting `user/view.php` in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the `forceloginforprofiles` setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. |
Affected by 0 other vulnerabilities. Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-6fbt-nz6e-nbd2
Aliases: CVE-2012-6099 GHSA-cr78-rphw-w73p |
Moodle Arbitrary File Read via Backup Functionality The moodle1 backup converter in `backup/converter/moodle1/lib.php` in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. |
Affected by 0 other vulnerabilities. Affected by 227 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 230 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-bvjv-cdnz-hfe5
Aliases: CVE-2012-5471 GHSA-mpjx-8phj-5m34 |
Moodle Allows Unauthenticated Dropbox Access The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. |
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
|
|
VCID-h159-uuxe-vfa1
Aliases: CVE-2012-2353 GHSA-mr97-gvvg-rhgh |
Moodle Exposes Sensitive User Information Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. |
Affected by 0 other vulnerabilities. |
|
VCID-kgtb-s2y4-juh8
Aliases: CVE-2013-1833 GHSA-89f3-74m6-g27g |
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. |
Affected by 0 other vulnerabilities. Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-khe2-k1fb-qbgk
Aliases: CVE-2013-2083 GHSA-m63h-q4x3-6hwj |
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class The MoodleQuickForm class in `lib/formslib.php` in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request. |
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
Affected by 216 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 219 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-nyge-5v2a-6fh7
Aliases: CVE-2012-1159 GHSA-p9hr-f4xj-8w8r |
Moodle included private user files in course backups Moodle before 2.2.2 is vulnerable to information disclosure because course backups were including users' private files. |
Affected by 0 other vulnerabilities. |
|
VCID-ts9s-qsve-37dw
Aliases: CVE-2012-0797 GHSA-72gv-qqrp-h9qg |
Moodle Users Can Bypass Deleted Status The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. |
Affected by 3 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-vpm4-thxc-tqb6
Aliases: CVE-2012-1157 GHSA-2x36-7xfm-pgm7 |
Moodle default permissions too permissive Moodle before 2.2.2 default settings allowed all repositories to be viewable by all authenticated users. |
Affected by 0 other vulnerabilities. |
|
VCID-xn5k-t4zd-h7g4
Aliases: CVE-2013-1831 GHSA-xr24-jp5c-6c4v |
Moodle reveals absolute path in exception message lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. |
Affected by 0 other vulnerabilities. Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-yf7v-fq77-7fgs
Aliases: CVE-2013-1832 GHSA-pgp5-rcwp-qvfg |
Moodle includes the WebDAV password in the configuration form repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance. |
Affected by 0 other vulnerabilities. Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-zzux-kjjt-f3fg
Aliases: CVE-2012-6112 GHSA-fx5h-3786-h2w6 |
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. |
Affected by 0 other vulnerabilities. Affected by 227 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 230 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||