PT-2020-12303 · Moodle

Paul Holden · Published 2020-05-10 · Updated 2024-03-06 · CVE-2020-10738

CVSS v3.1: 7.5 High

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moodle versions 3.8 before 3.8.3
Moodle versions 3.7 before 3.7.6
Moodle versions 3.6 before 3.6.10
Moodle versions 3.5 before 3.5.12
Moodle earlier unsupported versions

Description

A flaw was found in Moodle that allows creating a SCORM package to achieve remote code execution when interacted with via web services after being added to a course.

Recommendations

For Moodle versions 3.8 before 3.8.3, update to version 3.8.3 or later.
For Moodle versions 3.7 before 3.7.6, update to version 3.7.6 or later.
For Moodle versions 3.6 before 3.6.10, update to version 3.6.10 or later.
For Moodle versions 3.5 before 3.5.12, update to version 3.5.12 or later.
For Moodle earlier unsupported versions, consider upgrading to a supported version.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1940
ALT-PU-2020-1977
BIT-MOODLE-2020-10738
CVE-2020-10738
GHSA-VR6V-G96P-CJC3

Affected Products

Alt Linux
Moodle