Exposure of Moodle
LMS
Exposure score: 70
Sites use: 13,690
Exploited: 0
Critical: 7
CVEs
292 results

CVE-2024-43425 | HIGH | Moodle: remote code execution via calculated question types | EPSS 83.3%
CVE-2021-36393 | — | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | EPSS 52.3%
CVE-2022-35650 | — | The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks r | EPSS 49.1%
CVE-2022-0332 | — | A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for | EPSS 44.9%
CVE-2018-1133 | — | An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, | EPSS 32.2%
CVE-2021-21809 | HIGH | A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP reques | EPSS 24.2%
CVE-2020-14321 | — | In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | EPSS 16.4%
CVE-2018-1042 | — | Moodle 3.x has Server Side Request Forgery in the filepicker. | EPSS 15.9%
CVE-2017-2641 | — | In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | EPSS 14.5%
CVE-2019-3810 | MEDIUM | A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ | EPSS 13.9%
CVE-2021-36394 | — | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | EPSS 7.0%
CVE-2023-30943 | MEDIUM | Moodle: tinymce loaders susceptible to arbitrary folder creation | EPSS 6.6%
CVE-2022-35649 | — | The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter | EPSS 6.3%
CVE-2022-30600 | — | A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | EPSS 4.9%
CVE-2018-14630 | HIGH | moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. | EPSS 4.4%
CVE-2020-25627 | — | The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in | EPSS 3.7%
CVE-2022-35653 | — | A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied | EPSS 3.7%
CVE-2019-14830 | — | A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpo | EPSS 3.3%
CVE-2020-10738 | HIGH | A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported version | EPSS 3.1%
CVE-2021-3943 | — | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code executi | EPSS 2.4%