Versions
3.6 to 3.6.2
3.4 to 3.4.7
3.1 to 3.1.16 and earlier unsupported versions
3.5 to 3.5.4
3.5.4
3.1.17
3.5 and earlier
3.6.2
3.6.3
3.1.14
3.6
moodle 3.5.1
3.5.3
3.6.x before 3.6.7
Earlier unsupported versions.
3.6 before 3.6.7
3.4.5
3.4.8
3.7.3
3.7 to 3.7.5
3.5.2
3.4.7
moodle 3.3.7
3.7 before 3.7.3
3.8 to 3.8.2
3.7.x before 3.7.3
3.4.6
3.5 to 3.5.11
moodle 3.4.4
3.5.x before 3.5.9
3.1.16
3.6.7
moodle 3.1.13
3.5.5
3.5 before 3.5.9
3.6 to 3.6.9
3.5.9
3.3.9
3.3.8
3.1.15
Recent CVEs
CVE-2020-10738
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.
CVE-2019-14880
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.
CVE-2019-14881
A vulnerability was found in Moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed.
CVE-2019-14884
A vulnerability was found in Moodle 3.7 before 3.7.3, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS was possible from some fatal error messages.
CVE-2019-14883
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path and their token.
CVE-2019-14882
A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.