CVE-2013-5674

Name of the Vulnerable Software and Affected Versions Moodle versions 2.5.x through 2.5.1

Description The issue allows remote attackers to conduct PHP object injection attacks. This is due to improper handling of an object obtained by unserializing a description of an external badge in the badges/external.php file. The attack can be conducted via unspecified vectors, such as overwriting the value of the userid parameter.

Recommendations For Moodle versions 2.5.x through 2.5.1, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the badges/external.php file to minimize the risk of exploitation.