Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 3.7.0  Security Vulnerabilities
CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVSS Score
9.8
EPSS Score
0.192
Published
2023-03-06
CVE-2021-36395
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-03-06
CVE-2021-36396
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-03-06
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-11-25
CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication plugin.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-29
CVE-2021-40693
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-29
CVE-2021-40694
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
CVSS Score
4.9
EPSS Score
0.002
Published
2022-09-29
CVE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-08-16
CVE-2020-14321
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVSS Score
8.8
EPSS Score
0.602
Published
2022-08-16
CVE-2020-14322
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-08-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved