Description
Moodle has a Remote Code Execution risk via file restore
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
Packages
moodle/moodle: affected >= 5.1.0-beta, < 5.1.2; fixed in 5.1.2
moodle/moodle: affected >= 5.0.0-beta, < 5.0.5; fixed in 5.0.5
moodle/moodle: affected < 4.5.9; fixed in 4.5.9