PT-2018-10489 · Moodle · Moodle

Robin Peraglie

·

Publicado

2018-05-25

·

Atualizado

2022-05-13

·

CVE-2018-1133

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Moodle versions 3.x
Description An issue was discovered that allows a Teacher creating a Calculated question to intentionally cause remote code execution on the server through eval injection.
Recommendations For Moodle versions 3.x, update to a version that includes a fix for this issue to prevent remote code execution.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2018-1133
GHSA-XH2J-Q4MC-V522

Produtos afetados

Moodle