Moodle

The popular Moodle software platform allows you to create and conduct a variety of online training courses, with an emphasis on supporting active interaction between the teacher and students, as well as students among themselves - joint problem solving, discussion, knowledge exchange and other types of collective work.

The Moodle platform has a modular structure, which allows you to flexibly change and complement the functionality of the system.

2024: Vulnerability Discovery

Positive Technologies expert Aleksei Solovyov discovered dangerous vulnerabilities in Moodle. Positive Technologies was informed about this on September 10, 2024. This open source solution is used for distance and face-to-face education in schools and universities, courses and corporate trainings. In Russia, the product is used by over 5.7 thousand organizations. Moodle dominates the university education management systems market in most regions: in Latin America, its share is 73%, in Europe - 69%, in Oceania and Australia - 56%, in North America - 16%. The manufacturer was notified of the errors as part of the responsible disclosure policy, and issued security updates.

With the successful exploitation of these vulnerabilities and the development of the attack, an attacker could potentially stop the educational process in the organization, distort information for students, gain access to the database, or execute arbitrary code on the server. The system is used by tens of thousands of educational institutions, as well as the largest companies in the world, so it is important to eliminate vulnerabilities as soon as possible, "said Aleksei Solovyov, senior specialist in the web application security analysis group at Positive Technologies.

Vulnerabilities CVE-2024-33997 (BDU:2024-04201) and CVE-2024-33998 (BDU:2024-04202) received the same rating - 6.8 points on the CVSS v3 scale. Security flaws are a type of stored XSS and allow attackers to execute arbitrary JavaScript code in the victim's browser. With the help of the vulnerabilities found, an attacker with minimal privileges could inject arbitrary code and save it to the server, and then provoke the Moodle administrator to perform certain actions to run the embedded code and completely compromise the system.

According to the expert, the reason for the appearance of similar and many other vulnerabilities is insufficient or absent data sanitation.

Vulnerabilities were found in versions Moodle 4.1-4.1.9, 4.2-4.2.6, 4.3-4.3.3 and earlier, and fixed in versions 4.1.10, 4.2.7, 4.3.4. To fix security flaws, it is recommended to install the latest release of the system and regularly check for updates.

2012

Moodle 2.2

In November 2011, a new version of the open distance learning system (RES) Moodle 2.2 was released, distributed under the GNU GPL license. With Moodle, you can create online learning sites.

The leader and ideologist of the system is Martin Dougiamas of Australia. The project is open, the Russification of Moodle is carried out by a team of volunteers from Russia and Belarus.

Moodle is written in PHP using SQL DBMS (MySQL, PostgreSQL, Microsoft SQL Server, etc. - ADOdb XML is used). Moodle can work with SCO objects and meets the SCORM standard.

Moodle 2.2 provides the following new features:

• Evaluation headings are a plugin that expands the Moodle rating subsystem, which implements the concept of multi-criteria evaluation headings. The teacher evaluates the work immediately according to many specified criteria, after which the grades are automatically normalized according to the level of other students. According to the developers, this should compensate for the tendency of some teachers to overestimate or underestimate grades, as well as the uneven complexity of tasks.
• Support for the IMS standard has been expanded, which now allows you to connect tasks to courses located on third-party sites or written in other programming languages. Thanks to the IMS LTI standard, external tasks can receive information about the student passing the exam (or test) and return the received grade.
• The MyMobile theme is optimized for working with smartphones.

Application of Moodle to more than 50 thousand organizations

As of March 2011, the Moodle training platform was used by more than 50 thousand organizations from more than 200 countries of the world, including in Russia, where today Moodle is one of the most popular open source training solutions. In the Russian Federation, more than 600 installations have been registered with the number of users in some of them up to 500 thousand people.

Video conference VKS Integration Module with Moodle

In March 2011, the Russian company, SPIRIT a developer and supplier of a carrier-class software platform for Internet video telephony, together with the company, a ALT Linux Russian developer in the development of free ON and distributions based on, Linux announced the release of a new system integration module video conferencings Video conference and the popular Moodle training platform.

Video conference can be built into Moodle as an optional module. The Video conference integrated into the RES Moodle VKS, in contrast to the use of a separate external means of communication by teachers and students, for example, Skype or Apple iChat, gives users a number of advantages:

• support for multi-user conferences, not just one-on-one video calls;
• Convenience and lack of the need for separate registration in different applications, since when logging in, all functions, including VKS, become available simultaneously from a single environment;
• simplicity - the call is made by one button in the usual interface of the training course;
• control - collection and provision of statistical reports is carried out in the required format to the general system.

The functionality of sharing documents and materials created by the teacher or students, as well as the option of built-in text chat, is integrated with the VKS. For the convenience of integrating the Video conference solution into the Moodle platform, a number of special software interfaces and plugins have been created, provided with developed documentation.

The Russian company SPIRIT, a developer and supplier of an innovative operator-class software platform for Internet video telephony, together with ALT Linux, a Russian leader in the development of free software and distributions based on Linux, announces the release of a new video conferencing integration module Video conference and the popular Moodle training platform.

Distance learning is an area where the effectiveness of communication and interaction between participants in the educational process directly affects the success of the process as a whole, so the flexibility and interactivity of distance learning systems (RES) is becoming more and more important for their users. The introduction of the videoconferencing (VKS) option in RES is a logical step in the development of online training systems.

The creation of a new integration module for the domestic video conferencing system Video conference and the popular training platform Moodle based on software fits into the framework of the concept of the National Software Platform (NPP), expanding the competitive capabilities of Russian software.

The VCS module can be used when creating the Moodle training course. In this case, a video conference will be organized during the scheduled lesson (seminar, lecture, etc.) or at another time specified by the teacher. The composition of the participants to whom the conference will be available coincides with the composition of the participants of this course. Videoconference options can be edited by the teacher, he will have access to the control tools of the conference participants, including the provision and prohibition of voting rights, video display, etc.

The Video conference software can also be integrated with other software solutions by supplementing their functionality with a built-in video conferencing unit within a single system. The ability to instantly conduct a video communication session with any number of participants allows you to bring the efficiency of interaction between system users to a qualitatively new level.