| Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
|---|---|---|---|---|---|
| BDSA-2022-2073 | | Low | Jul 26, 2022 | Moodle is vulnerable to reflected cross-site scripting (XSS) in the LTI module. This could allow an unauthenticated attacker to execute arbitrary code ... | |
| BDSA-2022-2071 | | Medium | Jul 26, 2022 | Moodle is vulnerable to remote code execution (RCE) due to improper validation of GhostScript commands. This could allow an attacker to inject speciall... | |
| BDSA-2022-1396 | | Medium | May 20, 2022 | Moodle contains a login flaw when counting failed login attempts. This can allow an unauthenticated attacker to bypass the account lockout threshold an... | |
| BDSA-2022-1395 | | Medium | May 20, 2022 | Moodle is vulnerable to SQL injection in the badge award criteria profile. This vulnerability could be used to read or modify Moodle's underlying datab... | |
| BDSA-2022-1394 | | Low | May 19, 2022 | Moodle is vulnerable to an information disclosure vulnerability. This could allow an attacker unauthorized access to the author information of some act... | |
| BDSA-2022-1393 | | Low | May 19, 2022 | Moodle is vulnerable to information exposure due to improper enforcement of hidden user fields. This could allow an attacker to view user profile descr... | |
| BDSA-2022-1392 | | Low | May 19, 2022 | Moodle is vulnerable to a stored cross-site scripting (XSS) vulnerability. This could allow an attacker to execute malicious JavaScript code in a victi... | |
| BDSA-2021-4056 | | Low | Jan 24, 2022 | Moodle is vulnerable to an information leak via insufficient capability checks that allow teachers to download users outside of their courses. | |
| BDSA-2021-3546 | | Medium | Nov 23, 2021 | Moodle is vulnerable to remote code execution (RCE). An attacker could exploit this by supplying a malformed backup file. | |
| BDSA-2021-1888 | | Medium | Jun 24, 2021 | Moodle is vulnerable to command injection via the `aspellPath` parameter. A series of crafted HTTP requests can lead to command execution. An attacker ... | |