Описание
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.0 (включая) до 3.1.11 (включая)Версия от 3.2.0 (включая) до 3.2.8 (включая)Версия от 3.3.0 (включая) до 3.3.5 (включая)Версия от 3.4.0 (включая) до 3.4.2 (включая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.6286
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 8.8
ubuntu
около 7 лет назад
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.
CVSS3: 8.8
debian
около 7 лет назад
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated ...
CVSS3: 8.8
github
около 3 лет назад
Moodle calculated question type allows remote code execution by Question authors
EPSS
Процентиль: 98%
0.6286
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-94