* Moodle Moodle 2.2.3 and prior
1. Multiple security-bypass vulnerabilities
2. A URI-redirection vulnerability
3. An information-disclosure vulnerability
4. A denial-of-service vulnerability
5. An HTML-injection vulnerability
6. Multiple unspecified vulnerabilities
7. Multiple cross-site scripting vulnerabilities
8. An arbitrary file-upload vulnerability
9. An arbitrary file-access vulnerability
10. An SQL-injection vulnerability
Attackers can exploit these issues to bypass certain security restrictions, redirect users to an attacker-controlled site, obtain sensitive information, upload arbitrary files, perform a denial-of-service attack, bypass the authentication mechanism, inject information in HTTP request headers, and influence how Web content is served, cached, or interpreted. Other attacks may also be possible.
Vendor as issued an updated vulnerability.