Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 4.2.2  Security Vulnerabilities
CVE-2023-5549
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVSS Score
3.3
EPSS Score
0.002
Published
2023-11-09
CVE-2023-5550
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVSS Score
6.5
EPSS Score
0.01
Published
2023-11-09
CVE-2023-5540
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
CVSS Score
4.7
EPSS Score
0.018
Published
2023-11-09
CVE-2023-5541
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-11-09
CVE-2023-5542
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVSS Score
3.3
EPSS Score
0.003
Published
2023-11-09
CVE-2023-5544
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-09
CVE-2023-5545
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVSS Score
3.3
EPSS Score
0.003
Published
2023-11-09
CVE-2023-5539
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVSS Score
4.7
EPSS Score
0.018
Published
2023-11-09
CVE-2010-4207
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
CVSS Score
4.3
EPSS Score
0.02
Published
2010-11-07
CVE-2010-4208
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
CVSS Score
4.3
EPSS Score
0.018
Published
2010-11-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved