In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-03-06
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-03-06
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-03-06
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVSS Score
9.8
EPSS Score
0.268
Published
2023-03-06
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVSS Score
9.8
EPSS Score
0.116
Published
2023-03-06
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-03-06
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
CVSS Score
7.5
EPSS Score
0.031
Published
2023-03-06
A session hijack risk was identified in the Shibboleth authentication plugin.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-09-29
Insufficient capability checks made it possible for teachers to download users outside of their courses.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-09-29
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-09-29