CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1044
https://notcve.org/view.php?id=CVE-2018-1044
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. En Moodle 3.x, los servicios quiz web permiten que los estudiantes vean los resultados de los tests cuando se les prohíbe hacerlo en las opciones. • http://www.securityfocus.com/bid/102754 https://moodle.org/mod/forum/discuss.php?d=364383 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 2CVE-2018-1042 – Moodle Filepicker 3.5.2 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle, en versiones 3.x, tiene Server Side Request Forgery en el filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/47177 https://github.com/UDPsycho/Moodle-CVE-2018-1042 http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html http://www.securityfocus.com/bid/102752 https://moodle.org/mod/forum/discuss.php?d=364381 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-15110
https://notcve.org/view.php?id=CVE-2017-15110
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. En las versiones 3.x de Moodle, los estudiantes pueden averiguar las direcciones de correo electrónico de otros estudiantes en el mismo curso. Empleando la búsqueda en la página Participants, los estudiantes podrían buscar las direcciones de correo electrónico de todos los participantes, independientemente de la visibilidad del correo electrónico. • http://www.securityfocus.com/bid/101909 https://moodle.org/mod/forum/discuss.php?d=361784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 27EXPL: 0CVE-2016-5013
https://notcve.org/view.php?id=CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. En Moodle 2.x y 3.x, puede ocurrir inyección de texto en las cabeceras de email, conduciendo potencialmente a salida de spam. • http://www.securityfocus.com/bid/92040 https://moodle.org/mod/forum/discuss.php?d=336698 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2017-2576
https://notcve.org/view.php?id=CVE-2017-2576
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. En Moodle 2.x y 3.x, hay una desinfección incorrecta de atributos en foros. • http://www.securityfocus.com/bid/95649 https://moodle.org/mod/forum/discuss.php?d=345912 • CWE-20: Improper Input Validation •