PT-2016-7687 · Moodle · Moodle

Published: 2016-11-04 · Updated: 2022-05-17 · CVE-2016-9187

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Moodle version 3.1.2

Description: The issue concerns an unrestricted file upload vulnerability in the image module, allowing remote authenticated users to execute arbitrary code. This is achieved by uploading a file with an executable extension and accessing it via unspecified vectors.

Recommendations: For Moodle version 3.1.2, update to a version that addresses this issue to prevent remote authenticated users from executing arbitrary code through file uploads.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related identifiers

CVE-2016-9187
GHSA-58FM-V4PR-JH8P

Affected products

Moodle