Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 4.1.1  Security Vulnerabilities
CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
CVSS Score
6.1
EPSS Score
0.008
Published
2023-06-22
CVE-2023-35132
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVSS Score
6.3
EPSS Score
0.002
Published
2023-06-22
CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-06-22
CVE-2023-30944
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.
CVSS Score
5.6
EPSS Score
0.013
Published
2023-05-02
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
CVSS Score
6.5
EPSS Score
0.164
Published
2023-05-02
CVE-2023-28331
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
CVSS Score
6.1
EPSS Score
0.009
Published
2023-03-23
CVE-2023-28332
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-03-23
CVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
CVSS Score
9.8
EPSS Score
0.008
Published
2023-03-23
CVE-2023-28334
Authenticated users were able to enumerate other users' names via the learning plans page.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-03-23
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-03-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved