CVE-2021-21809

Опубликовано: 23 июн. 2021

Источник: nvd

CVSS3: 8.2

CVSS3: 9.1

CVSS2: 9

EPSS Средний

Описание

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.

Ссылки

http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/164481/Moodle-SpellChecker-Path-Authenticated-Remote-Command-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1277
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:moodle:moodle:3.10.0:-:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.69115

Средний

8.2 High

CVSS3

9.1 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2021-21809

CVSS3: 9.1

ubuntu

почти 4 года назад

GHSA-c7jj-vfmr-j9mj

CVSS3: 9.1

github

около 3 лет назад

Moodle command execution vulnerability exists in the default legacy spellchecker plugin

EPSS

Процентиль: 99%

0.69115

Средний

8.2 High

CVSS3

9.1 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78