Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  Security Vulnerabilities
CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVSS Score
6.5
EPSS Score
0.015
Published
2023-11-09
CVE-2023-5540
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
CVSS Score
4.7
EPSS Score
0.02
Published
2023-11-09
CVE-2023-5541
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-11-09
CVE-2023-5542
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVSS Score
3.3
EPSS Score
0.003
Published
2023-11-09
CVE-2023-5544
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-11-09
CVE-2023-5545
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVSS Score
3.3
EPSS Score
0.003
Published
2023-11-09
CVE-2023-5539
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVSS Score
4.7
EPSS Score
0.02
Published
2023-11-09
CVE-2023-46858
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-29
CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
CVSS Score
6.1
EPSS Score
0.009
Published
2023-06-22
CVE-2023-35132
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-06-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved