A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NMoodle
APPMoodle3.5.0 – 3.5.73.6.0 – 3.6.53.7.0 – 3.7.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2024-33999CRITICAL9.8PL ✓ten sam produkt
Moodle MFA — niewystarczająca sanityzacja URL referrer
CVE-2023-28333CRITICAL9.8ten sam produkt
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This ...
CVE-2021-36392CRITICAL9.8ten sam produkt
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVE-2021-36393CRITICAL9.8ten sam produkt
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVE-2021-36394CRITICAL9.8ten sam produkt
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.