Описание
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.5.2-1 |
| esm-apps/xenial | not-affected | 2.5.2-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [2.5.2-1]] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | not-affected | 2.5.2-1 |
| trusty | not-affected | 2.5.2-1 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly han ...
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
EPSS
7.5 High
CVSS2