Page 14 of 127 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0

The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. La función "restore teacher" en Moodle 3.0 en versiones hasta 3.0.3, 2.9 en versiones hasta 2.9.5, 2.8 en versiones hasta 2.8.11, 2.7 en versiones hasta 2.7.13 y en versiones anteriores, permite a usuarios remotos autenticados sobrescribir el idnumber del curso. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369 http://www.openwall.com/lists/oss-security/2016/05/17/4 http://www.securitytracker.com/id/1035902 https://bugzilla.redhat.com/show_bug.cgi?id=1335933 • CWE-284: Improper Access Control •

CVSS: 9.8EPSS: 0%CPEs: 52EXPL: 1

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. En Moodle 2.x y 3.x, puede ocurrir una inyección de SQL a través de las preferencias de usuario. • https://www.exploit-db.com/exploits/41828 http://www.securityfocus.com/bid/96977 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349419 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.3EPSS: 0%CPEs: 30EXPL: 0

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. En Moodle 2.x y 3.x, tokens de servicio web no son invalidados cuando la contraseña de usuario es cambiada o se obliga a cambiarla. • http://www.securityfocus.com/bid/93174 https://moodle.org/mod/forum/discuss.php?d=339631 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0

In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. En Moodle 2.x y 3.x, la capacidad de ver notas de curso se comprueba en el contexto incorrecto. • http://www.securityfocus.com/bid/94458 https://moodle.org/mod/forum/discuss.php?d=343277 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. En Moodle 2.x y 3.x, hay una desinfección incorrecta de atributos en foros. • http://www.securityfocus.com/bid/95649 https://moodle.org/mod/forum/discuss.php?d=345912 • CWE-20: Improper Input Validation •