GCVE - cpe:2.3:a:n/a:moodle_3.x_unknown:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:moodle_3.x_unknown:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Moodle 3.X Unknown (`68275320-3f0e-5dce-9dc1-bfbd2abba065`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-1137`	vulnerable	2026-06-08 05:11:17.025724	Details available An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. Published: 2018-05-25T12:00:00.000Z Updated: 2024-08-05T03:51:48.791Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/104307 https://moodle.org/mod/forum/discuss.php?d=371204	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-1136`	vulnerable	2026-06-08 05:11:17.025405	Details available An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. Published: 2018-05-25T12:00:00.000Z Updated: 2024-08-05T03:51:48.694Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/104307 https://moodle.org/mod/forum/discuss.php?d=371202	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-1135`	vulnerable	2026-06-08 05:11:17.025072	Details available An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. Published: 2018-05-25T12:00:00.000Z Updated: 2024-08-05T03:51:48.903Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=371201 http://www.securityfocus.com/bid/104307	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-1134`	vulnerable	2026-06-08 05:11:17.024610	Details available An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. Published: 2018-05-25T12:00:00.000Z Updated: 2024-08-05T03:51:48.852Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=371200 http://www.securityfocus.com/bid/104307	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-1133`	vulnerable	2026-06-08 05:11:17.024064	Details available An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. Published: 2018-05-25T12:00:00.000Z Updated: 2024-08-05T03:51:48.719Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=371199 https://www.exploit-db.com/exploits/46551/ http://www.securityfocus.com/bid/104307	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.