Search for packages
| purl | pkg:composer/moodle/moodle@2.3.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1p7p-yyy8-9ugd
Aliases: CVE-2013-1834 GHSA-prrh-679x-79qh |
Moodle allows remote authenticated users to reassign notes notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. |
Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-2gs2-5hpc-8bdx
Aliases: CVE-2012-3387 GHSA-w66h-c2vj-cm7f |
Moodle Authentication Bypass in File Upload Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check. |
Affected by 0 other vulnerabilities. |
|
VCID-3fz6-js97-dude
Aliases: CVE-2013-1836 GHSA-664q-mrxx-2x2v |
Moodle does not properly manage privileges for WebDAV repositories Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access. |
Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-5zd6-mgm1-nqh7
Aliases: CVE-2013-1830 GHSA-8r7x-qq55-74v2 |
Moodle does not enforce the forceloginforprofiles setting `user/view.php` in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the `forceloginforprofiles` setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. |
Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-6fbt-nz6e-nbd2
Aliases: CVE-2012-6099 GHSA-cr78-rphw-w73p |
Moodle Arbitrary File Read via Backup Functionality The moodle1 backup converter in `backup/converter/moodle1/lib.php` in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. |
Affected by 227 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 230 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-ak5z-ggnx-6bhe
Aliases: CVE-2013-2082 GHSA-wp3g-pr4h-q6vv |
Moodle does not enforce capability requirements for reading blog comments Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request. |
Affected by 216 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 219 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-bvjv-cdnz-hfe5
Aliases: CVE-2012-5471 GHSA-mpjx-8phj-5m34 |
Moodle Allows Unauthenticated Dropbox Access The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. |
Affected by 1 other vulnerability.
This version is affected by these other vulnerabilities:
|
|
VCID-fk37-49yf-rug8
Aliases: CVE-2013-1835 GHSA-cc94-hwj3-rf65 |
Moodle's login_as feature leaks information from external repositories Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature. |
Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-hexy-ppcc-mubc
Aliases: CVE-2013-4942 GHSA-9ww8-j8j2-3788 |
YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. |
Affected by 213 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 216 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 219 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-kgtb-s2y4-juh8
Aliases: CVE-2013-1833 GHSA-89f3-74m6-g27g |
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. |
Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-khe2-k1fb-qbgk
Aliases: CVE-2013-2083 GHSA-m63h-q4x3-6hwj |
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class The MoodleQuickForm class in `lib/formslib.php` in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request. |
Affected by 216 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 219 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-np1c-zfp4-gkfc
Aliases: CVE-2013-2081 GHSA-x3x8-fjw6-hccx |
Moodle does not consider "don't send" attributes during hub registration Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data. |
Affected by 216 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 219 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-t85p-u6ky-zbbn
Aliases: CVE-2013-4941 GHSA-64r3-582j-frqm |
YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. |
Affected by 213 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 216 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 219 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-wcmd-cnkc-pbby
Aliases: CVE-2013-2080 GHSA-wmmc-qjq2-vvm2 |
Moodle is vulnerable to Sensitive Information Disclosure The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report. |
Affected by 216 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 219 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-wksm-3eed-kqg9
Aliases: CVE-2013-4940 GHSA-x5hj-47vv-53p8 |
YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression. |
Affected by 213 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 216 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 219 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-xn5k-t4zd-h7g4
Aliases: CVE-2013-1831 GHSA-xr24-jp5c-6c4v |
Moodle reveals absolute path in exception message lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. |
Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-yf7v-fq77-7fgs
Aliases: CVE-2013-1832 GHSA-pgp5-rcwp-qvfg |
Moodle includes the WebDAV password in the configuration form repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance. |
Affected by 220 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 223 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-zzux-kjjt-f3fg
Aliases: CVE-2012-6112 GHSA-fx5h-3786-h2w6 |
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. |
Affected by 227 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 230 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||