Lucene search

K
osvGoogleOSV:GHSA-2JRM-GWW7-WCH2
HistoryMay 24, 2022 - 5:40 p.m.

Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration

2022-05-2417:40:31
Google
osv.dev
3

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.9%

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.9%