Описание
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Пакеты
moodle/moodle
>= 3.5, < 3.5.16
3.5.16
moodle/moodle
>= 3.8, < 3.8.7
3.8.7
moodle/moodle
>= 3.9, < 3.9.4
3.9.4
moodle/moodle
>= 3.10, < 3.10.1
3.10.1
Связанные уязвимости
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...
Уязвимость реализации технологии аутентификации Shibboleth виртуальной обучающей среды Moodle, позволяющая нарушителю выполнить произвольный код