Описание
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
| esm-infra/focal | DNE |
Показывать по
10
5.5 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
CVSS3: 8.1
nvd
около 7 лет назад
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
CVSS3: 8.1
debian
около 7 лет назад
An issue was discovered in Moodle 3.x. By substituting URLs in portfol ...
CVSS3: 8.1
github
около 3 лет назад
Moodle Portfolio script allows instantiation of class chosen by user
5.5 Medium
CVSS2
8.1 High
CVSS3