Lucene search

CVE-2018-1137

🗓️ 25 May 2018 12:00:29Reported by redhatType

An issue in Moodle 3.x allows URL substitution in portfolios, leading to class instantiation and potential DDoS attack

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 11
UbuntuCve	CVE-2018-1137	25 May 201800:00	–	ubuntucve
Prion	Code injection	25 May 201812:29	–	prion
Cvelist	CVE-2018-1137	25 May 201812:00	–	cvelist
Veracode	Unauthorized Instantiation And Denial Of Service (DoS)	28 May 201804:14	–	veracode
NVD	CVE-2018-1137	25 May 201812:29	–	nvd
OSV	UBUNTU-CVE-2018-1137	25 May 201812:29	–	osv
OSV	CVE-2018-1137	25 May 201812:29	–	osv
OSV	GHSA-VXQH-MX28-7GHW Moodle Portfolio script allows instantiation of class chosen by user	14 May 202203:16	–	osv
Github Security Blog	Moodle Portfolio script allows instantiation of class chosen by user	14 May 202203:16	–	github
OpenVAS	Moodle 3.x Multiple Vulnerabilities (May 2018) - Windows	29 May 201800:00	–	openvas

Nvd

Vulners

Node

moodle moodleRange3.1.0–3.1.11

moodle moodleRange3.2.0–3.2.8

moodle moodleRange3.3.0–3.3.5

moodle moodleRange3.4.0–3.4.2

[
  {
    "product": "Moodle 3.x unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Moodle 3.x unknown"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/104307
moodle	www.moodle.org/mod/forum/discuss.php

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 May 2018 12:29Current

7.8High risk

Vulners AI Score7.8

CVSS25.5

CVSS38.1

EPSS0.00499

CWE-20