Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 3.7  Security Vulnerabilities
CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVSS Score
9.8
EPSS Score
0.192
Published
2023-03-06
CVE-2021-36395
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-03-06
CVE-2021-36396
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-03-06
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-11-25
CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication plugin.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-29
CVE-2021-40693
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-29
CVE-2021-40694
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
CVSS Score
4.9
EPSS Score
0.002
Published
2022-09-29
CVE-2022-0985
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-04-29
CVE-2021-32478
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
CVSS Score
6.1
EPSS Score
0.041
Published
2022-03-11
CVE-2022-0333
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
CVSS Score
3.8
EPSS Score
0.002
Published
2022-01-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved