PT-2021-5354 · Moodle, Alt Linux
Paul Holden · Published 2021-11-10 · Updated 2024-03-06
CVE-2021-3943 · CVSS v3.1 10.0 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.11 to 3.11.3
Moodle versions 3.10 to 3.10.7
Moodle versions 3.9 to 3.9.10
Moodle versions earlier than 3.9
Description
Moodle's backup restore process does not properly control the code it generates from the data it processes (code injection). An attacker who can reach the backup restoration feature with a specially crafted request can execute arbitrary code on the Moodle server. The remote code execution risk was identified in the restoration of backup files.
Recommendations
For Moodle versions 3.11 to 3.11.3, update to 3.11.4 or later.
For Moodle versions 3.10 to 3.10.7, update to 3.10.8 or later.
For Moodle versions 3.9 to 3.9.10, update to 3.9.11 or later.
For Moodle versions earlier than 3.9, which are no longer supported and receive no fix, upgrade to a supported release.
If you cannot update immediately, restrict who can restore backups until the update is applied. Restoring is gated by the moodle/restore:restorecourse, moodle/restore:restoreactivity, moodle/restore:restoresection and moodle/restore:uploadfile capabilities; remove them from any role that does not strictly need them (for example editing teacher roles) and treat uploaded backup files as untrusted input until the instance is patched.
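To turn the affected-version list and the update advice above into a repeatable check, the following script (an added example, not part of this advisory or of Moodle) reads the `$release` line from a Moodle `version.php` and reports whether the instance falls inside this advisory's affected ranges. The sample `version.php` strings are constructed for illustration; the "+" suffix Moodle puts on weekly builds is handled conservatively, since a weekly build on the last affected patch level may or may not contain the fix depending on its build date.

```python
import re

# Affected ranges from this advisory: for each branch, the last affected
# patch level. Branches older than 3.9 are affected outright; branches newer
# than 3.11 were never affected. Fixed releases are last_affected + 1.
AFFECTED = {
    (3, 9): 10,   # 3.9 .. 3.9.10 affected, fixed in 3.9.11
    (3, 10): 7,   # 3.10 .. 3.10.7 affected, fixed in 3.10.8
    (3, 11): 3,   # 3.11 .. 3.11.3 affected, fixed in 3.11.4
}
OLDEST_SUPPORTED = (3, 9)
NEWEST_AFFECTED = (3, 11)

# Matches the release line in Moodle's version.php, e.g.
#   $release  = '3.11.3 (Build: 20210101)';
#   $release  = '3.9 (Build: 20210101)';       x.y.0 releases carry no patch number
#   $release  = '3.10.7+ (Build: 20210101)';   weekly build, "+" suffix
RELEASE_RE = re.compile(
    r"\$release\s*=\s*'(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.(?P<patch>\d+))?(?P<plus>\+)?"
)


def parse_release(version_php: str):
    """Return (major, minor, patch, is_weekly_build) from version.php text."""
    m = RELEASE_RE.search(version_php)
    if not m:
        raise ValueError("no $release line found in version.php")
    patch = int(m.group("patch") or 0)
    return int(m.group("major")), int(m.group("minor")), patch, bool(m.group("plus"))


def assess(version_php: str) -> str:
    """Classify a Moodle release against this advisory's affected ranges."""
    major, minor, patch, weekly = parse_release(version_php)
    branch = (major, minor)
    if branch < OLDEST_SUPPORTED:
        return "affected (unsupported branch, upgrade to a supported release)"
    if branch > NEWEST_AFFECTED:
        return "not affected"
    last_bad = AFFECTED[branch]
    if patch > last_bad:
        return "not affected"
    if patch == last_bad and weekly:
        # A weekly build on the last affected patch level may already carry
        # the fix; the build date must be compared against the fix date.
        return "unknown (weekly build on last affected patch level; check build date)"
    return f"affected (upgrade to {major}.{minor}.{last_bad + 1} or later)"


if __name__ == "__main__":
    # Constructed sample release lines; build dates are placeholders.
    samples = [
        "$release  = '3.11.3 (Build: 20210101)';",
        "$release  = '3.11.4 (Build: 20210101)';",
        "$release  = '3.9 (Build: 20210101)';",
        "$release  = '3.10.7+ (Build: 20210101)';",
        "$release  = '3.8.9 (Build: 20210101)';",
        "$release  = '4.0 (Build: 20210101)';",
    ]
    for line in samples:
        print(f"{line:45s} -> {assess(line)}")
```

Run it against the real `version.php` in the Moodle web root (for example `python3 check.py < /var/www/moodle/version.php` after changing the `__main__` block to read stdin); an "unknown" result means the weekly build's date has to be compared against the date the fix landed on that branch.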
Vulnerability type: RCE · Code Injection
Related Identifiers: CVE-2021-3943
Affected Products: Alt Linux, Moodle