Information on source package moodle

Available versions

Release  Version
sid  2.7.19+dfsg-2

Open issues

Bug  sid  Description
CVE-2017-7532  vulnerable  In Moodle 3.x, course creators are able to change system default ...
CVE-2017-7491  vulnerable  In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...
CVE-2017-7490  vulnerable  In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because ...
CVE-2017-7489  vulnerable  In Moodle 2.x and 3.x, remote authenticated users can take ownership of ...
CVE-2017-2642  vulnerable  Moodle 3.x has user fullname disclosure on the user preferences page. ...

Open unimportant issues

Bug  sid  Description
CVE-2017-7298  vulnerable  In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add ...
CVE-2008-3327  vulnerable  Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...
CVE-2006-4976  vulnerable  The Date Library in John Lim ADOdb Library for PHP allows remote ...

Resolved issues

Bug  Description
TEMP-0000000-EA71EF  moodle unspecified security bug in the forum module (discuss.php)
TEMP-0000000-D91305  tcpdf code execution via tcpdf tag
TEMP-0000000-5CAA34  Unspecified issue in moodle's admin/delete.php
CVE-2017-7531  In Moodle 3.3, the course overview block reveals activities in hidden ...
CVE-2017-2645  In Moodle 3.x, XSS can occur via attachments to evidence of prior ...
CVE-2017-2644  In Moodle 3.x, XSS can occur via evidence of prior learning. ...
CVE-2017-2643  In Moodle 3.2.x, global search displays user names for unauthenticated ...
CVE-2017-2641  In Moodle 2.x and 3.x, SQL injection can occur via user preferences. ...
CVE-2017-2578  In Moodle 3.x, there is XSS in the assignment submission page. ...
CVE-2017-2576  In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in ...
CVE-2016-8644  In Moodle 2.x and 3.x, the capability to view course notes is checked ...
CVE-2016-8643  In Moodle 2.x and 3.x, non-admin site managers may accidentally edit ...
CVE-2016-8642  In Moodle 2.x and 3.x, the question engine allows access to files that ...
CVE-2016-7038  In Moodle 2.x and 3.x, web service tokens are not invalidated when the ...
CVE-2016-5014  In Moodle 2.x and 3.x, an unenrolled user still receives event monitor ...
CVE-2016-5013  In Moodle 2.x and 3.x, text injection can occur in email headers, ...
CVE-2016-5012  In Moodle 3.x, glossary search displays entries without checking user ...
CVE-2016-3734  Cross-site request forgery (CSRF) vulnerability in markposts.php in ...
CVE-2016-3733  The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through ...
CVE-2016-3732  The capability check to access other badges in Moodle 3.0 through ...
CVE-2016-3731  Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 ...
CVE-2016-3729  The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, ...
CVE-2016-2190  Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x ...
CVE-2016-2159  The save_submission function in mod/assign/externallib.php in Moodle ...
CVE-2016-2158  lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before ...
CVE-2016-2157  Cross-site request forgery (CSRF) vulnerability in ...
CVE-2016-2156  calendar/externallib.php in Moodle through 2.6.11, 2.7.x before ...
CVE-2016-2155  The grade-reporting feature in Singleview (aka Single View) in Moodle ...
CVE-2016-2154  admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before ...
CVE-2016-2153  Cross-site scripting (XSS) vulnerability in the advanced-search ...
CVE-2016-2152  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2016-2151  user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x ...
CVE-2016-0725  Cross-site scripting (XSS) vulnerability in the search_pagination ...
CVE-2016-0724  The (1) core_enrol_get_course_enrolment_methods and (2) ...
CVE-2015-5342  The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x ...
CVE-2015-5341  mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before ...
CVE-2015-5340  Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and ...
CVE-2015-5339  The core_enrol_get_enrolled_users web service in enrol/externallib.php ...
CVE-2015-5338  Multiple cross-site request forgery (CSRF) vulnerabilities in the ...
CVE-2015-5337  Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and ...
CVE-2015-5336  Multiple cross-site scripting (XSS) vulnerabilities in the survey ...
CVE-2015-5335  Cross-site request forgery (CSRF) vulnerability in ...
CVE-2015-5332  Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote ...
CVE-2015-5331  Moodle 2.9.x before 2.9.3 does not properly check the contact list ...
CVE-2015-5272  The Forum module in Moodle 2.7.x before 2.7.10 allows remote ...
CVE-2015-5269  Cross-site scripting (XSS) vulnerability in group/overview.php in ...
CVE-2015-5268  The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, ...
CVE-2015-5267  lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x ...
CVE-2015-5266  The enrol_meta_sync function in enrol/meta/locallib.php in Moodle ...
CVE-2015-5265  The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, ...
CVE-2015-5264  The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x ...
CVE-2015-3275  Multiple cross-site scripting (XSS) vulnerabilities in the SCORM ...
CVE-2015-3274  Cross-site scripting (XSS) vulnerability in the user_get_user_details ...
CVE-2015-3273  mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the ...
CVE-2015-3272  Open redirect vulnerability in the clean_param function in ...
CVE-2015-3181  files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...
CVE-2015-3180  lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...
CVE-2015-3179  login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x ...
CVE-2015-3178  Cross-site scripting (XSS) vulnerability in the external_format_text ...
CVE-2015-3177  Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe ...
CVE-2015-3176  The account-confirmation feature in login/confirm.php in Moodle ...
CVE-2015-3175  Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x ...
CVE-2015-3174  mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...
CVE-2015-2273  Cross-site scripting (XSS) vulnerability in ...
CVE-2015-2272  login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...
CVE-2015-2271  tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before ...
CVE-2015-2270  lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...
CVE-2015-2269  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2015-2268  filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before ...
CVE-2015-2267  mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before ...
CVE-2015-2266  message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...
CVE-2015-1493  Directory traversal vulnerability in the min_get_slash_argument ...
CVE-2015-0218  Cross-site request forgery (CSRF) vulnerability in ...
CVE-2015-0217  filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before ...
CVE-2015-0216  access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not ...
CVE-2015-0215  calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, ...
CVE-2015-0214  message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, ...
CVE-2015-0213  Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...
CVE-2015-0212  Cross-site scripting (XSS) vulnerability in course/pending.php in ...
CVE-2015-0211  mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x ...
CVE-2014-9060  The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...
CVE-2014-9059  lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...
CVE-2014-7848  lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x ...
CVE-2014-7847  iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...
CVE-2014-7846  tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, ...
CVE-2014-7845  The generate_password function in Moodle through 2.4.11, 2.5.x before ...
CVE-2014-7838  Multiple cross-site request forgery (CSRF) vulnerabilities in the ...
CVE-2014-7837  mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...
CVE-2014-7836  Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI ...
CVE-2014-7835  webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before ...
CVE-2014-7834  mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x ...
CVE-2014-7833  mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...
CVE-2014-7832  mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x ...
CVE-2014-7831  lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not ...
CVE-2014-7830  Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php ...
CVE-2014-4172  php-cas unencoded tickets
CVE-2014-3617  The forum_print_latest_discussions function in mod/forum/lib.php in ...
CVE-2014-3553  mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before ...
CVE-2014-3552  The Shibboleth authentication plugin in auth/shibboleth/index.php in ...
CVE-2014-3551  Multiple cross-site scripting (XSS) vulnerabilities in the ...
CVE-2014-3550  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2014-3549  Cross-site scripting (XSS) vulnerability in the get_description ...
CVE-2014-3548  Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...
CVE-2014-3547  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2014-3546  Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...
CVE-2014-3545  Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...
CVE-2014-3544  Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle ...
CVE-2014-3543  mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...
CVE-2014-3542  mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...
CVE-2014-3541  The Repositories component in Moodle through 2.3.11, 2.4.x before ...
CVE-2014-2572  mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not ...
CVE-2014-2571  Cross-site scripting (XSS) vulnerability in the quiz_question_tostring ...
CVE-2014-2054  PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and ...
CVE-2014-0218  Cross-site scripting (XSS) vulnerability in the URL downloader ...
CVE-2014-0217  enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the ...
CVE-2014-0216  The My Home implementation in the block_html_pluginfile function in ...
CVE-2014-0215  The blind-marking implementation in Moodle through 2.3.11, 2.4.x ...
CVE-2014-0214  login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x ...
CVE-2014-0213  Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2014-0129  badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before ...
CVE-2014-0127  The time-validation implementation in (1) mod/feedback/complete.php ...
CVE-2014-0126  Cross-site request forgery (CSRF) vulnerability in ...
CVE-2014-0125  repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before ...
CVE-2014-0124  The identity-reporting implementations in mod/forum/renderer.php and ...
CVE-2014-0123  The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ...
CVE-2014-0122  mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, ...
CVE-2014-0010  Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2014-0009  course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, ...
CVE-2014-0008  lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x ...
CVE-2013-7341  Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer ...
CVE-2013-6780  Cross-site scripting (XSS) vulnerability in uploader.swf in the ...
CVE-2013-5674  badges/external.php in Moodle 2.5.x before 2.5.2 does not properly ...
CVE-2013-4942  Cross-site scripting (XSS) vulnerability in flashuploader.swf in the ...
CVE-2013-4941  Cross-site scripting (XSS) vulnerability in uploader.swf in the ...
CVE-2013-4940  Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility ...
CVE-2013-4939  Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility ...
CVE-2013-4938  The LTI (aka IMS-LTI) mod_form implementation in Moodle through ...
CVE-2013-4525  Cross-site scripting (XSS) vulnerability in ...
CVE-2013-4524  Directory traversal vulnerability in repository/filesystem/lib.php in ...
CVE-2013-4523  Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle ...
CVE-2013-4522  lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x ...
CVE-2013-4341  Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...
CVE-2013-4313  Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...
CVE-2013-2246  mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, ...
CVE-2013-2245  rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x ...
CVE-2013-2244  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2013-2243  mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x ...
CVE-2013-2242  mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before ...
CVE-2013-2083  The MoodleQuickForm class in lib/formslib.php in Moodle through ...
CVE-2013-2082  Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and ...
CVE-2013-2081  Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and ...
CVE-2013-2080  The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, ...
CVE-2013-2079  mod/assign/locallib.php in the assignment module in Moodle 2.3.x ...
CVE-2013-1836  Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...
CVE-2013-1835  Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...
CVE-2013-1834  notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, ...
CVE-2013-1833  Multiple cross-site scripting (XSS) vulnerabilities in the File Picker ...
CVE-2013-1832  repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before ...
CVE-2013-1831  lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x ...
CVE-2013-1830  user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x ...
CVE-2013-1829  calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not ...
CVE-2012-6112  classes/GoogleSpell.php in the PHP Spellchecker (aka Google ...
CVE-2012-6106  calendar/managesubscriptions.php in the Manage Subscriptions ...
CVE-2012-6105  blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, ...
CVE-2012-6104  blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and ...
CVE-2012-6103  Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2012-6102  lib.php in the Submission comments plugin in the Assignment module in ...
CVE-2012-6101  Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, ...
CVE-2012-6100  report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before ...
CVE-2012-6099  The moodle1 backup converter in backup/converter/moodle1/lib.php in ...
CVE-2012-6098  grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x ...
CVE-2012-6087  repository/s3/S3.php in the Amazon S3 library in Moodle through ...
CVE-2012-5583  phpCAS before 1.3.2 does not verify that the server hostname matches a ...
CVE-2012-5481  Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass ...
CVE-2012-5480  The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x ...
CVE-2012-5479  The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, ...
CVE-2012-5473  The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x ...
CVE-2012-5472  lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 ...
CVE-2012-5471  The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x ...
CVE-2012-4408  course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...
CVE-2012-4407  lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...
CVE-2012-4403  theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly ...
CVE-2012-4402  webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, ...
CVE-2012-4401  Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote ...
CVE-2012-4400  repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x ...
CVE-2012-3398  Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, ...
CVE-2012-3397  lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, ...
CVE-2012-3396  Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in ...
CVE-2012-3395  SQL injection vulnerability in mod/feedback/complete.php in Moodle ...
CVE-2012-3394  auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x ...
CVE-2012-3393  Cross-site scripting (XSS) vulnerability in repository/lib.php in ...
CVE-2012-3392  mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x ...
CVE-2012-3391  mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before ...
CVE-2012-3390  lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 ...
CVE-2012-3389  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2012-3388  The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before ...
CVE-2012-3387  Moodle 2.3.x before 2.3.1 uses only a client-side check for whether ...
CVE-2012-3363  Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before ...
CVE-2012-2367  Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, ...
CVE-2012-2366  mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before ...
CVE-2012-2365  Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, ...
CVE-2012-2364  Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle ...
CVE-2012-2363  SQL injection vulnerability in calendar/event.php in the calendar ...
CVE-2012-2362  Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog ...
CVE-2012-2361  Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php ...
CVE-2012-2360  Cross-site scripting (XSS) vulnerability in the Wiki subsystem in ...
CVE-2012-2359  admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before ...
CVE-2012-2358  Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 ...
CVE-2012-2357  The Multi-Authentication feature in the Central Authentication Service ...
CVE-2012-2356  The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x ...
CVE-2012-2355  Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...
CVE-2012-2354  Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...
CVE-2012-2353  Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...
CVE-2012-1170
CVE-2012-1169
CVE-2012-1168
CVE-2012-1161
CVE-2012-1160
CVE-2012-1159
CVE-2012-1158
CVE-2012-1157
CVE-2012-1156
CVE-2012-1155
CVE-2012-1105
CVE-2012-1104
CVE-2012-0801  lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 ...
CVE-2012-0800  The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, ...
CVE-2012-0799  Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous ...
CVE-2012-0798  The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and ...
CVE-2012-0797  The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x ...
CVE-2012-0796  class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x ...
CVE-2012-0795  Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, ...
CVE-2012-0794  The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before ...
CVE-2012-0793  Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, ...
CVE-2012-0792  mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote ...
CVE-2011-4593  Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 ...
CVE-2011-4592  The command-line cron implementation in Moodle 2.0.x before 2.0.6 and ...
CVE-2011-4591  Cross-site scripting (XSS) vulnerability in the print_object function ...
CVE-2011-4590  The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x ...
CVE-2011-4589  backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and ...
CVE-2011-4588  The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x ...
CVE-2011-4587  lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, ...
CVE-2011-4586  CRLF injection vulnerability in calendar/set.php in the Calendar ...
CVE-2011-4585  login/change_password.php in Moodle 1.9.x before 1.9.15 does not use ...
CVE-2011-4584  The MNET authentication functionality in Moodle 1.9.x before 1.9.15, ...
CVE-2011-4583  Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service ...
CVE-2011-4582  Open redirect vulnerability in the Calendar set page in Moodle 2.1.x ...
CVE-2011-4581  mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before ...
CVE-2011-4309  Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote ...
CVE-2011-4308  mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, ...
CVE-2011-4307  Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php ...
CVE-2011-4306  Cross-site scripting (XSS) vulnerability in course/editsection.html in ...
CVE-2011-4305  message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote ...
CVE-2011-4304  The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before ...
CVE-2011-4303  lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 ...
CVE-2011-4302  mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x ...
CVE-2011-4301  The MoodleQuickForm class in the Forms Library in lib/formslib.php in ...
CVE-2011-4300  The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x ...
CVE-2011-4299  Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in ...
CVE-2011-4298  Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2011-4297  comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 ...
CVE-2011-4296  lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 ...
CVE-2011-4295  The moodle_enrol_external:role_assign function in ...
CVE-2011-4294  The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x ...
CVE-2011-4293  The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before ...
CVE-2011-4292  Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...
CVE-2011-4291  Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...
CVE-2011-4290  Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php ...
CVE-2011-4289  Moodle 2.0.x before 2.0.3 does not recognize the configuration setting ...
CVE-2011-4288  Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly ...
CVE-2011-4287  admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force ...
CVE-2011-4286  Multiple cross-site scripting (XSS) vulnerabilities in the ...
CVE-2011-4285  The default configuration of Moodle 2.0.x before 2.0.2 has an ...
CVE-2011-4284  Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive ...
CVE-2011-4283  Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS ...
CVE-2011-4282  Multiple cross-site scripting (XSS) vulnerabilities in the course-tags ...
CVE-2011-4281  Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...
CVE-2011-4280  Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka ...
CVE-2011-4279  Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles ...
CVE-2011-4278  Cross-site scripting (XSS) vulnerability in the tag autocomplete ...
CVE-2011-4133  Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before ...
CVE-2010-4536  Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ...
CVE-2010-3692  Directory traversal vulnerability in the callback function in ...
CVE-2010-3691  PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...
CVE-2010-3690  Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...
CVE-2010-2796  Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...
CVE-2010-2795  phpCAS before 1.1.2 allows remote authenticated users to hijack ...
CVE-2010-2479  Cross-site scripting (XSS) vulnerability in HTML Purifier before ...
CVE-2010-2231  Cross-site request forgery (CSRF) vulnerability in ...
CVE-2010-2230  The KSES text cleaning filter in lib/weblib.php in Moodle before ...
CVE-2010-2229  Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php ...
CVE-2010-2228  Cross-site scripting (XSS) vulnerability in the MNET access-control ...
CVE-2010-1619  Cross-site scripting (XSS) vulnerability in the ...
CVE-2010-1618  Cross-site scripting (XSS) vulnerability in the phpCAS client library ...
CVE-2010-1617  user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...
CVE-2010-1616  Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...
CVE-2010-1615  Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ...
CVE-2010-1614  Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ...
CVE-2010-1613  Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate ...
CVE-2009-4305  SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...
CVE-2009-4304  Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...
CVE-2009-4303  Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...
CVE-2009-4302  login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...
CVE-2009-4301  mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...
CVE-2009-4300  Multiple unspecified authentication plugins in Moodle 1.8 before ...
CVE-2009-4299  mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...
CVE-2009-4298  The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...
CVE-2009-4297  Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...
CVE-2009-1171  The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 ...
CVE-2009-0502  Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php ...
CVE-2009-0501  Unspecified vulnerability in the Calendar export feature in Moodle 1.8 ...
CVE-2009-0500  Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle ...
CVE-2009-0499  Cross-site request forgery (CSRF) vulnerability in the forum code in ...
CVE-2008-6125  Unspecified vulnerability in the user editing interface in Moodle ...
CVE-2008-6124  SQL injection vulnerability in the hotpot_delete_selected_attempts ...
CVE-2008-5619  html2text.php in Chuggnutt HTML to Text Converter, as used in ...
CVE-2008-5432  Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ...
CVE-2008-5153  spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...
CVE-2008-4811  The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...
CVE-2008-4810  The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...
CVE-2008-4796  The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...
CVE-2008-3326  Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ...
CVE-2008-3325  Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...
CVE-2008-1502  The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...
CVE-2008-1066  The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...
CVE-2008-0123  Cross-site scripting (XSS) vulnerability in install.php for Moodle ...
CVE-2007-6538  SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...
CVE-2007-3555  Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...
CVE-2007-3215  PHPMailer 1.7, when configured to use sendmail, allows remote ...
CVE-2007-2385  The Yahoo! UI framework exchanges data using JavaScript Object ...
CVE-2007-2326  Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...
CVE-2007-1647  Moodle 1.5.2 and earlier stores sensitive information under the web ...
CVE-2007-1429  Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...
CVE-2006-6626  Cross-site scripting (XSS) vulnerability in an unspecified component ...
CVE-2006-6625  Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...
CVE-2006-5219  SQL injection vulnerability in blog/index.php in the blog module in ...
CVE-2006-4943  course/jumpto.php in Moodle before 1.6.2 does not validate the session ...
CVE-2006-4942  Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ...
CVE-2006-4941  Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ...
CVE-2006-4940  login/forgot_password.php in Moodle before 1.6.2 allows remote ...
CVE-2006-4939  backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ...
CVE-2006-4938  help.php in Moodle before 1.6.2 does not check the existence of ...
CVE-2006-4937  lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...
CVE-2006-4936  Moodle before 1.6.2 does not properly validate the module instance id ...
CVE-2006-4935  The Database module in Moodle before 1.6.2 does not properly handle ...
CVE-2006-4786  Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...
CVE-2006-4785  SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and ...
CVE-2006-4784  Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...
CVE-2006-4618  PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...
CVE-2006-0806  Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...
CVE-2006-0410  SQL injection vulnerability in ADOdb before 4.71, when using ...
CVE-2006-0147  Dynamic code evaluation vulnerability in tests/tmssql.php test script ...
CVE-2006-0146  The server.php test script in ADOdb for PHP before 4.70, as used in ...
CVE-2005-4600  Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...
CVE-2005-3649  jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...
CVE-2005-3648  Multiple SQL injection vulnerabilities in the get_record function in ...
CVE-2005-2247  Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...
CVE-2004-2664  John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...
CVE-2004-2237  Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...
CVE-2004-2236  Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...
CVE-2004-2235  Unknown vulnerability in Moodle before 1.2 has unknown impact and ...
CVE-2004-2234  Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...
CVE-2004-2233  Unknown "front page vulnerability with Moodle servers" for Moodle ...
CVE-2004-2232  SQL injection vulnerability in sql.php in the Glossary module in ...
CVE-2004-1978  Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...
CVE-2004-1711  Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...
CVE-2004-1425  Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...
CVE-2004-1424  Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ...
CVE-2004-0725  Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...

Security announcements

DSA / DLA  Description
DSA-2421-1  moodle - several
DSA-2338-1  moodle - several
DSA-2262-1  moodle - several
DSA-2172-1  moodle - several
DSA-2115-1  moodle - several vulnerabilities
DSA-1986-1  moodle - several vulnerabilities
DSA-1761-1  moodle - file disclosure
DSA-1724-1  - several vulnerabilities
DSA-1691-1  moodle - several vulnerabilities
DSA-1030-1  moodle - several
