CVE-2017-2641 – Moodle 2.x/3.x - SQL Injection
https://notcve.org/view.php?id=CVE-2017-2641
In Moodle 2.x and 3.x, SQL injection can occur via user preferences. En Moodle 2.x y 3.x, puede ocurrir una inyección de SQL a través de las preferencias de usuario. • https://www.exploit-db.com/exploits/41828 http://www.securityfocus.com/bid/96977 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349419 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-2644
https://notcve.org/view.php?id=CVE-2017-2644
In Moodle 3.x, XSS can occur via evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96979 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2645
https://notcve.org/view.php?id=CVE-2017-2645
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de adjuntos a la evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96982 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2578
https://notcve.org/view.php?id=CVE-2017-2578
In Moodle 3.x, there is XSS in the assignment submission page. En Moodle 3.x, hay XSS en la página de envío de asignaciones. • http://www.securityfocus.com/bid/95647 https://moodle.org/mod/forum/discuss.php?d=345915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5012
https://notcve.org/view.php?id=CVE-2016-5012
In Moodle 3.x, glossary search displays entries without checking user permissions to view them. En Moodle 3.x, la búsqueda de glosario muestra entradas sin verificar los permisos de usuario para verlas. • http://www.securityfocus.com/bid/92041 https://moodle.org/mod/forum/discuss.php?d=336697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •