PT-2021-14791 · Moodle+1
Adam Reiser · Published 2021-01-17 · Updated 2024-03-06 · CVE-2021-21809
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Moodle version 3.10
Description
A command execution vulnerability exists in the default legacy spellchecker plugin. This issue can be exploited through a specially crafted series of HTTP requests, leading to command execution. An attacker must have administrator privileges to exploit this vulnerability.
Recommendations
For Moodle version 3.10, consider disabling the default legacy spellchecker plugin until a patch is available to prevent command execution. Restrict access to administrator privileges to minimize the risk of exploitation.
Exploit
Fix
Incorrect Permission
OS Command Injection
Related Identifiers
Affected Products
Alt Linux
Moodle