CVSS: 9.8EPSS: 0%CPEs: 52EXPL: 1CVE-2017-2641 – Moodle 2.x/3.x - SQL Injection
https://notcve.org/view.php?id=CVE-2017-2641
In Moodle 2.x and 3.x, SQL injection can occur via user preferences. En Moodle 2.x y 3.x, puede ocurrir una inyección de SQL a través de las preferencias de usuario. • https://www.exploit-db.com/exploits/41828 http://www.securityfocus.com/bid/96977 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349419 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2017-2644
https://notcve.org/view.php?id=CVE-2017-2644
In Moodle 3.x, XSS can occur via evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96979 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2017-2645
https://notcve.org/view.php?id=CVE-2017-2645
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de adjuntos a la evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96982 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2643
https://notcve.org/view.php?id=CVE-2017-2643
In Moodle 3.2.x, global search displays user names for unauthenticated users. En Moodle 3.2.x, la búsqueda global muestra nombres de usuario para usuarios no autenticados. • http://www.securityfocus.com/bid/96978 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 30EXPL: 0CVE-2016-7038
https://notcve.org/view.php?id=CVE-2016-7038
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. En Moodle 2.x y 3.x, tokens de servicio web no son invalidados cuando la contraseña de usuario es cambiada o se obliga a cambiarla. • http://www.securityfocus.com/bid/93174 https://moodle.org/mod/forum/discuss.php?d=339631 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •