PT-2018-12626 · Moodle · Moodle

Johannes Moritz

Publicado

2018-09-17

Atualizado

2022-05-13

CVE-2018-14630

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions moodle versions prior to 3.5.2 moodle versions prior to 3.4.5 moodle versions prior to 3.3.8 moodle versions prior to 3.1.14

Description The issue allows for intentional remote code execution when importing legacy 'drag and drop into text' (ddwtos) type quiz questions. This could lead to the injection and execution of PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.

Recommendations For versions prior to 3.5.2, update to version 3.5.2 or later. For versions prior to 3.4.5, update to version 3.4.5 or later. For versions prior to 3.3.8, update to version 3.3.8 or later. For versions prior to 3.1.14, update to version 3.1.14 or later.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94CWE-20

Identificadores relacionados

CVE-2018-14630

GHSA-C3PR-H96W-2JJG

Produtos afetados

Moodle

PT-2018-12626 · Moodle · Moodle

CVE-2018-14630

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 20