296,202
Total vulnerabilities in the database
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.
| Software | From | Fixed in |
|---|---|---|
| moodle / moodle | 2.6.1 | 2.6.1.x |
| moodle / moodle | 2.6.2 | 2.6.2.x |
| moodle / moodle | 2.6.3 | 2.6.3.x |
| moodle / moodle | 2.6.0 | 2.6.0.x |
| moodle / moodle | 2.3.8 | 2.3.8.x |
| moodle / moodle | 2.3.4 | 2.3.4.x |
| moodle / moodle | 2.3.1 | 2.3.1.x |
| moodle / moodle | 2.3.6 | 2.3.6.x |
| moodle / moodle | 2.3.10 | 2.3.10.x |
| moodle / moodle | 2.3.5 | 2.3.5.x |
| moodle / moodle | 2.3.3 | 2.3.3.x |
| moodle / moodle | - | 2.3.11.x |
| moodle / moodle | 2.3.7 | 2.3.7.x |
| moodle / moodle | 2.3.2 | 2.3.2.x |
| moodle / moodle | 2.3.9 | 2.3.9.x |
| moodle / moodle | 2.3.0 | 2.3.0.x |
| moodle / moodle | 2.5.1 | 2.5.1.x |
| moodle / moodle | 2.5.3 | 2.5.3.x |
| moodle / moodle | 2.5.5 | 2.5.5.x |
| moodle / moodle | 2.5.2 | 2.5.2.x |
| moodle / moodle | 2.5.6 | 2.5.6.x |
| moodle / moodle | 2.5.4 | 2.5.4.x |
| moodle / moodle | 2.5.0 | 2.5.0.x |
| moodle / moodle | 2.7.0 | 2.7.0.x |
| moodle / moodle | 2.4.3 | 2.4.3.x |
| moodle / moodle | 2.4.1 | 2.4.1.x |
| moodle / moodle | 2.4.9 | 2.4.9.x |
| moodle / moodle | 2.4.2 | 2.4.2.x |
| moodle / moodle | 2.4.6 | 2.4.6.x |
| moodle / moodle | 2.4.4 | 2.4.4.x |
| moodle / moodle | 2.4.7 | 2.4.7.x |
| moodle / moodle | 2.4.5 | 2.4.5.x |
| moodle / moodle | 2.4.8 | 2.4.8.x |
| moodle / moodle | 2.4.10 | 2.4.10.x |
| moodle / moodle | 2.4.0 | 2.4.0.x |