Описание
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.0 (включая) до 3.1.11 (включая)Версия от 3.2.0 (включая) до 3.2.8 (включая)Версия от 3.3.0 (включая) до 3.3.5 (включая)Версия от 3.4.0 (включая) до 3.4.2 (включая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.61125
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 8.8
ubuntu
больше 7 лет назад
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
CVSS3: 8.8
debian
больше 7 лет назад
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated ...
CVSS3: 8.8
github
больше 3 лет назад
Moodle calculated question type allows remote code execution by Question authors
EPSS
Процентиль: 98%
0.61125
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94