Max CVSS | 6.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
| --- | --- | --- | --- | --- |
| CVE-2012-3396 | 3.5 | Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the i | 13-02-2023 - 04:34 | 23-07-2012 - 21:55 |
| CVE-2012-3394 | 5.0 | auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by | 13-02-2023 - 04:34 | 23-07-2012 - 21:55 |
| CVE-2012-3390 | 3.5 | lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a | 13-02-2023 - 04:33 | 23-07-2012 - 21:55 |
| CVE-2012-3389 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter. | 01-12-2020 - 14:52 | 23-07-2012 - 21:55 |
| CVE-2012-3388 | 4.0 | The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified | 01-12-2020 - 14:52 | 23-07-2012 - 21:55 |
| CVE-2012-3397 | 4.0 | lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote auth | 01-12-2020 - 14:52 | 23-07-2012 - 21:55 |
| CVE-2012-3387 | 4.0 | Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check. | 01-12-2020 - 14:52 | 23-07-2012 - 21:55 |
| CVE-2012-3392 | 5.5 | mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsub | 01-12-2020 - 14:43 | 23-07-2012 - 21:55 |
| CVE-2012-3391 | 4.0 | mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging | 01-12-2020 - 14:43 | 23-07-2012 - 21:55 |
| CVE-2012-3395 | 6.5 | SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. | 01-12-2020 - 14:43 | 23-07-2012 - 21:55 |
| CVE-2012-3398 | 4.0 | Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature | 01-12-2020 - 14:43 | 23-07-2012 - 21:55 |
| CVE-2012-3393 | 3.5 | Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. | 01-12-2020 - 14:43 | 23-07-2012 - 21:55 |