GHSA-xh2j-q4mc-v522

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Moodle calculated question type allows remote code execution by Question authors

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.1, < 3.1.12

3.1.12

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.2, < 3.2.9

3.2.9

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.3, < 3.3.6

3.3.6

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.4, < 3.4.3

3.4.3

EPSS

Процентиль: 98%

0.6286

Средний

8.8 High

CVSS3

CVE ID

CVE-2018-1133

Дефекты

CWE-94

Связанные уязвимости

CVE-2018-1133

CVSS3: 8.8

ubuntu

около 7 лет назад

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

CVE-2018-1133

CVSS3: 8.8

nvd

около 7 лет назад

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.

CVE-2018-1133

CVSS3: 8.8

debian

около 7 лет назад

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated ...

EPSS

Процентиль: 98%

0.6286

Средний

8.8 High

CVSS3

CVE ID

CVE-2018-1133

Дефекты

CWE-94