Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: moodle

Found 64 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-26045
7.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 3 weeks ago
Moodle: moodle: improper validation in file restore functionality leading to remote code execution

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

References

Affected products

moodle
  • <5.1.2
  • <4.5.9
  • <5.0.5

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2026-26046
7.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 3 weeks ago
Moodle: moodle: improper input sanitization in tex filter administration setting

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

References

Affected products

moodle
  • <5.1.2
  • <4.5.9
  • <5.0.5

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2026-26047
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 1 month, 3 weeks ago
Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.

References

Affected products

moodle
  • <5.1.2
  • <4.5.9
  • <5.0.5

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2012-1161
created 1 month, 3 weeks ago
Moodle before 2.2.2: Course information leak via hidden courses being …

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

References

Affected products

Moodle
  • ==2.2 to 2.2.1+
  • ==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2012-1169
created 1 month, 3 weeks ago
Moodle before 2.2.2 has Personal information disclosure, when administrative setting …

Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.

References

Affected products

Moodle
  • ==2.2 to 2.2.1+
  • ==2.1 to 2.1.4+
  • ==2.0 to 2.0.7+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2012-1168
created 1 month, 3 weeks ago
Moodle before 2.2.2 has a password and web services issue …

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

References

Affected products

Moodle
  • ==2.2 to 2.2.1+
  • ==2.1 to 2.1.4+
  • ==2.0 to 2.0.7+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2012-1159
created 1 month, 3 weeks ago
Moodle before 2.2.2: Overview report allows users to see hidden …

Moodle before 2.2.2: Overview report allows users to see hidden courses

References

Affected products

Moodle
  • ==2.2 to 2.2.1+
  • ==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2012-1158
created 1 month, 3 weeks ago
Moodle before 2.2.2 has a course information leak in gradebook …

Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export

References

Affected products

Moodle
  • ==2.2 to 2.2.1+
  • ==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2012-1170
created 1 month, 3 weeks ago
Moodle before 2.2.2 has an external enrolment plugin context check …

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

References

Affected products

Moodle
  • ==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2012-1156
created 1 month, 3 weeks ago
Moodle before 2.2.2 has users' private files included in course …

Moodle before 2.2.2 has users' private files included in course backups

References

Affected products

Moodle
  • ==2.2 to 2.2.1+
  • ==2.0 to 2.0.7+
  • ==2.1 to 2.1.4+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers