Page 5 of 69 results (0.017 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. • https://bugzilla.redhat.com/show_bug.cgi?id=2179426 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF https://moodle.org/mod/forum/discuss.php?d=445068 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). • https://bugzilla.redhat.com/show_bug.cgi?id=2179422 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF https://moodle.org/mod/forum/discuss.php?d=445065 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

In Moodle, insufficient capability checks meant message deletions were not limited to the current user. • https://moodle.org/mod/forum/discuss.php?d=424803 • CWE-276: Incorrect Default Permissions •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. • https://moodle.org/mod/forum/discuss.php?d=424806 • CWE-276: Incorrect Default Permissions CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. Moodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability. • https://github.com/StackOverflowExcept1on/CVE-2021-36393 https://moodle.org/mod/forum/discuss.php?d=424798 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •