Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 3.10.2  Security Vulnerabilities
CVE-2021-40695
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-09-29
CVE-2022-30597
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-05-18
CVE-2022-30598
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-05-18
CVE-2022-30599
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVSS Score
9.8
EPSS Score
0.019
Published
2022-05-18
CVE-2022-30600
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVSS Score
9.8
EPSS Score
0.069
Published
2022-05-18
CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.009
Published
2022-05-18
CVE-2022-0984
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-04-29
CVE-2022-0985
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-04-29
CVE-2022-0983
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-03-25
CVE-2021-32478
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
CVSS Score
6.1
EPSS Score
0.034
Published
2022-03-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved