
CVE-2022-40315
https://notcve.org/view.php?id=CVE-2022-40315
30 Sep 2022 — A limited SQL injection risk was identified in the "browse list of users" site administration page. • https://bugzilla.redhat.com/show_bug.cgi?id=2128150 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-40313
https://notcve.org/view.php?id=CVE-2022-40313
30 Sep 2022 — Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. • https://bugzilla.redhat.com/show_bug.cgi?id=2128146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-40314
https://notcve.org/view.php?id=CVE-2022-40314
30 Sep 2022 — A remote code execution risk was identified when restoring backup files originating from Moodle 1.9. • https://bugzilla.redhat.com/show_bug.cgi?id=2128147

CVE-2022-35653
https://notcve.org/view.php?id=CVE-2022-35653
25 Jul 2022 — A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-35652
https://notcve.org/view.php?id=CVE-2022-35652
25 Jul 2022 — An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that appears to lead to a trusted website; however, when clicked, it redirects the victim to an arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72171 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2022-35651
https://notcve.org/view.php?id=CVE-2022-35651
25 Jul 2022 — A stored XSS and blind SSRF vulnerability was found in Moodle, occurring due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-35650
https://notcve.org/view.php?id=CVE-2022-35650
25 Jul 2022 — A vulnerability was found in Moodle, occurring due to an input validation error when importing lesson questions. These insufficient path checks result in an arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029 • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-35649
https://notcve.org/view.php?id=CVE-2022-35649
25 Jul 2022 — A vulnerability was found in Moodle, occurring due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running Ghostscript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. • https://github.com/antoinenguyen-09/CVE-2022-35649 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-30600
https://notcve.org/view.php?id=CVE-2022-30600
18 May 2022 — A flaw was found in Moodle where the logic used to count failed login attempts could result in the account lockout threshold being bypassed. • https://github.com/Boonjune/POC-CVE-2022-30600 • CWE-682: Incorrect Calculation

CVE-2022-30599
https://notcve.org/view.php?id=CVE-2022-30599
18 May 2022 — A flaw was found in Moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74333 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')