Description
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
References
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version from 3.1.0 (inclusive) to 3.1.11 (inclusive)
- Version from 3.2.0 (inclusive) to 3.2.8 (inclusive)
- Version from 3.3.0 (inclusive) to 3.3.5 (inclusive)
- Version from 3.4.0 (inclusive) to 3.4.2 (inclusive)
One of
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS: 0.00499 (Low)
Percentile: 65%
CVSS3: 8.1 High
CVSS2: 5.5 Medium
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 8.1
ubuntu
about 7 years ago
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
CVSS3: 8.1
debian
about 7 years ago
An issue was discovered in Moodle 3.x. By substituting URLs in portfol ...
CVSS3: 8.1
github
about 3 years ago
Moodle Portfolio script allows instantiation of class chosen by user