Frédéric Massart

**Nome do software vulnerável e versões afetadas** Versões do Moodle anteriores à 3.10.1 Versões do Moodle anteriores à 3.9.4 Versões do Moodle anteriores à 3.8.7 Versões do Moodle anteriores à 3.5.16 **Descrição** O problema está relacionado à implementação da tecnologia de autenticação Shibboleth no Moodle, associada a um gerenciamento incorreto da geração de código. Isso permite que um invasor remoto execute código arbitrário. O problema surge porque os administradores do site podem executar scripts PHP arbitrários por meio de um include PHP utilizado durante a autenticação Shibboleth. **Recomendações** Para versões anteriores à 3.10.1, atualize para a versão 3.10.1 ou posterior. Para versões anteriores à 3.9.4, atualize para a versão 3.9.4 ou posterior. Para versões anteriores à 3.8.7, atualize para a versão 3.8.7 ou posterior. Para versões anteriores à 3.5.16, atualize para a versão 3.5.16 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.8.x through 2.8.8 Moodle versions 2.9.x through 2.9.2 **Description** The issue is related to resource management errors in the Atto component of the Moodle learning management system. It can be exploited by a remote attacker using the guest role and the editor-autosave feature, potentially leading to a denial of service due to disk consumption. **Recommendations** For Moodle versions 2.8.x through 2.8.8, update to version 2.8.9 or later. For Moodle versions 2.9.x through 2.9.2, update to version 2.9.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.9 and earlier, 2.6.x before 2.6.9, 2.7.x before 2.7.6, 2.8.x before 2.8.4 **Description** The issue is related to inadequate access control in the mdeploy.php component of the Moodle learning management system. It allows a remote attacker to bypass existing access restrictions and extract archives to arbitrary directories by crafting a `dataroot` value. **Recommendations** For versions 2.5.9 and earlier, update to a version later than 2.5.9. For versions 2.6.x before 2.6.9, update to version 2.6.9 or later. For versions 2.7.x before 2.7.6, update to version 2.7.6 or later. For versions 2.8.x before 2.8.4, update to version 2.8.4 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.9 and earlier, 2.6.x before 2.6.9, 2.7.x before 2.7.6, 2.8.x before 2.8.4 **Description** The issue is related to inadequate access control in the tag/user.php component of the Moodle learning management system. This allows remote authenticated users to bypass intended access restrictions. The "Flag as inappropriate" feature can be exploited to circumvent existing access limitations. **Recommendations** For versions 2.5.9 and earlier, update to a version later than 2.5.9 to resolve the issue. For versions 2.6.x before 2.6.9, update to version 2.6.9 or later. For versions 2.7.x before 2.7.6, update to version 2.7.6 or later. For versions 2.8.x before 2.8.4, update to version 2.8.4 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.4.0 through 2.4.11 Moodle versions 2.5.x before 2.5.9 Moodle versions 2.6.x before 2.6.6 Moodle versions 2.7.x before 2.7.3 **Description** The issue allows remote authenticated users to bypass intended access restrictions. This is due to the `tag/tag autocomplete.php` file not considering the `moodle/tag:edit` capability before adding a tag, which can be exploited via an AJAX request. **Recommendations** For versions 2.4.0 through 2.4.11, update to version 2.4.12 or later. For versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For versions 2.7.x before 2.7.3, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.3.11 Moodle versions 2.4.x before 2.4.11 Moodle versions 2.5.x before 2.5.7 Moodle versions 2.6.x before 2.6.4 Moodle versions 2.7.x before 2.7.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For Moodle versions prior to 2.3.11, update to version 2.3.11 or later. For Moodle versions 2.4.x before 2.4.11, update to version 2.4.11 or later. For Moodle versions 2.5.x before 2.5.7, update to version 2.5.7 or later. For Moodle versions 2.6.x before 2.6.4, update to version 2.6.4 or later. For Moodle versions 2.7.x before 2.7.1, update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.3.11 Moodle versions 2.4.x before 2.4.11 Moodle versions 2.5.x before 2.5.7 Moodle versions 2.6.x before 2.6.4 Moodle versions 2.7.x before 2.7.1 **Description** The issue allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. **Recommendations** For versions prior to 2.3.11, update to version 2.3.11 or later. For versions 2.4.x before 2.4.11, update to version 2.4.11 or later. For versions 2.5.x before 2.5.7, update to version 2.5.7 or later. For versions 2.6.x before 2.6.4, update to version 2.6.4 or later. For versions 2.7.x before 2.7.1, update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.x through 2.5.6 Moodle versions 2.6.x through 2.6.3 Moodle versions 2.7.x through 2.7.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via an external badge, potentially leading to cross-site scripting (XSS) attacks. This is due to multiple XSS vulnerabilities in badges/renderer.php. **Recommendations** For Moodle versions 2.5.x through 2.5.6, update to version 2.5.7 or later. For Moodle versions 2.6.x through 2.6.3, update to version 2.6.4 or later. For Moodle versions 2.7.x through 2.7.0, update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.2.11 Moodle versions 2.3.x before 2.3.10 Moodle versions 2.4.x before 2.4.7 Moodle versions 2.5.x before 2.5.3 **Description** A directory traversal issue allows remote authenticated users to read arbitrary files by using a .. (dot dot) in a path. **Recommendations** For versions prior to 2.2.11, update to version 2.2.11 or later. For versions 2.3.x before 2.3.10, update to version 2.3.10 or later. For versions 2.4.x before 2.4.7, update to version 2.4.7 or later. For versions 2.5.x before 2.5.3, update to version 2.5.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.0 through 2.1.10 Moodle versions 2.2.x through 2.2.7 Moodle versions 2.3.x through 2.3.4 Moodle versions 2.4.x through 2.4.1 **Description** The issue concerns improper privilege management for WebDAV repositories. This allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access. **Recommendations** For versions 2.0 through 2.1.10, update to version 2.1.11 or later. For versions 2.2.x through 2.2.7, update to version 2.2.8 or later. For versions 2.3.x through 2.3.4, update to version 2.3.5 or later. For versions 2.4.x through 2.4.1, update to version 2.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.1.10 and earlier, 2.2.x through 2.2.7, 2.3.x through 2.3.4, 2.4.x through 2.4.1 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in the File Picker module. **Recommendations** For versions 2.1.10 and earlier, update to version 2.1.11 or later. For versions 2.2.x through 2.2.7, update to version 2.2.8 or later. For versions 2.3.x through 2.3.4, update to version 2.3.5 or later. For versions 2.4.x through 2.4.1, update to version 2.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Zend Framework versions 1.x prior to 1.11.12 Zend Framework versions 1.12.x prior to 1.12.0 **Description** The issue allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, also known as an XML external entity (XXE) injection attack. This occurs due to the improper handling of SimpleXMLElement classes by the Zend XmlRpc component. **Recommendations** For Zend Framework versions 1.x prior to 1.11.12, update to version 1.11.12 or later. For Zend Framework versions 1.12.x prior to 1.12.0, update to version 1.12.0 or later. As a temporary workaround, consider restricting access to the Zend XmlRpc component until a patch is applied.