• Welcome to the Moodle security testing site! This is an isolated testing instance of Moodle LMS, which can be used by security researchers to identify potential vulnerabilities. Please ensure you have read and agree to the below Code of Conduct before performing any testing. Then, click log in at the top right of the page to get started!

    Any vulnerabilities discovered in the Moodle LMS can be reported via our Vulnerability Disclosure Program. For more information about rewards/recognition for valid submissions, please see our Security Policies Documentation.

    Code of Conduct

    1. Please adhere to the terms and scope of our Vulnerability Disclosure Policy.
    2. All courses and settings will be reset at midnight UTC (users will be retained), however please try to return any setting changes back to normal once you have finished testing if possible, for the benefit of other researchers.
    3. Try to keep impact on other researchers minimal (eg minimising verbose/page breaking JS), rate limiting any tools to not affect performance of the site.
    4. If you plan on performing tests that may lead to Denial of Service (such as automated scans that are not rate limited, or other high traffic tests), please download Moodle and test it locally, to avoid impacting this site for other researchers.