PT-2021-2238 · Moodle+1 · Moodle+1

Frédéric Massart · Published 2021-01-13 · Updated 2024-03-06 · CVE-2021-20187

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moodle versions prior to 3.10.1
Moodle versions prior to 3.9.4
Moodle versions prior to 3.8.7
Moodle versions prior to 3.5.16

Description

The issue is in Moodle's implementation of Shibboleth authentication and stems from improper control of code generation. It allows a remote attacker to execute arbitrary code. The problem arises because site administrators can execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.

Recommendations

For versions prior to 3.10.1, update to version 3.10.1 or later.
For versions prior to 3.9.4, update to version 3.9.4 or later.
For versions prior to 3.8.7, update to version 3.8.7 or later.
For versions prior to 3.5.16, update to version 3.5.16 or later.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1050
ALT-PU-2021-1098
ALT-PU-2022-1641
BDU:2021-01190
BIT-MOODLE-2021-20187
CVE-2021-20187
GHSA-2JRM-GWW7-WCH2

Affected Products

Alt Linux
Moodle