Moodle 2.4.6

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:*

part: a version: 2.4.6 update: *

VendorMoodle (1f527b56-744d-5be6-b0f4-b691bd50b8c3)
ProductMoodle (221dc9da-2dde-53d2-a358-e0cb5ac858f7)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:docker/bitnami/moodle purl2cpe 2026-06-01 10:13:14.068355
pkg:github/moodle/moodle purl2cpe 2026-06-01 10:13:14.068357
pkg:rpm/fedora/moodle purl2cpe 2026-06-01 10:13:14.068358
pkg:rpm/opensuse/moodle purl2cpe 2026-06-01 10:13:14.068359

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2014-3617 vulnerable 2026-06-08 05:05:41.840067 Details available
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.
Published: 2014-09-15T14:00:00.000Z
Updated: 2024-08-06T10:50:17.677Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3553 vulnerable 2026-06-08 05:05:33.384527 Details available
mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:17.775Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3552 vulnerable 2026-06-08 05:05:33.383164 Details available
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.615Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3551 vulnerable 2026-06-08 05:05:33.382544 Details available
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.348Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3548 vulnerable 2026-06-08 05:05:33.380641 Details available
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.896Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3546 vulnerable 2026-06-08 05:05:33.379258 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3545 vulnerable 2026-06-08 05:05:33.377629 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3544 vulnerable 2026-06-08 05:05:33.376601 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3543 vulnerable 2026-06-08 05:05:33.375839 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3542 vulnerable 2026-06-08 05:05:33.374616 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3541 vulnerable 2026-06-08 05:05:33.365811 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2571 vulnerable 2026-06-08 05:05:29.227305 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0218 vulnerable 2026-06-08 05:05:12.240352 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0216 vulnerable 2026-06-08 05:05:12.238365 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0215 vulnerable 2026-06-08 05:05:12.236751 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0214 vulnerable 2026-06-08 05:05:12.235067 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0213 vulnerable 2026-06-08 05:05:12.225103 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0129 vulnerable 2026-06-08 05:05:11.708273 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0127 vulnerable 2026-06-08 05:05:11.625518 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0126 vulnerable 2026-06-08 05:05:11.623827 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0125 vulnerable 2026-06-08 05:05:11.622296 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0124 vulnerable 2026-06-08 05:05:11.620752 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0123 vulnerable 2026-06-08 05:05:11.619194 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0122 vulnerable 2026-06-08 05:05:11.617625 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0010 vulnerable 2026-06-08 05:05:10.543067 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0009 vulnerable 2026-06-08 05:05:10.542128 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0008 vulnerable 2026-06-08 05:05:10.540171 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-7341 vulnerable 2026-06-08 05:05:09.996849 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4525 vulnerable 2026-06-08 05:04:47.898040 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4524 vulnerable 2026-06-08 05:04:47.895027 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4523 vulnerable 2026-06-08 05:04:47.891959 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4522 vulnerable 2026-06-08 05:04:47.887293 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.