Multiple Vulnerabilities in Moodle

Description: A list of new vulnerabilities has been announced by Moodle developers: HTML injection with a potential XSS attack was possible by modifying the URL for assignment submission and tricking another user into following it [CVE-2017-2578]. A security vulnerability was reported against PHPMailer, a third-party library used by Moodle. As a result, Moodle improved validation of the no-reply address […]


Moodle vulnerabilities

Description: A list of new vulnerabilities has been announced by Moodle developers. Changes: The event monitor tool checked access to the course or activity only when the subscription was created but did not re-evaluate it when sending notifications. This can result in an unenrolled user receiving notifications with information they can no longer access [CVE-2016-5014]. By changing own […]


Moodle: Recently reported fixes for discovered vulnerabilities.

Description: A list of new vulnerabilities has been announced by Moodle developers. Changes: CSRF was possible in the URL that marks forum posts as read [CVE-2016-3734]. During course restore, a teacher could overwrite idnumber even without having the capability to change it [CVE-2016-3733]. The capability check to view other badges was performed for the current user instead […]
