Lucene search

K

GoogleOSV:GHSA-FCCF-P8FX-VJJ4

HistoryMay 13, 2022 - 1:12 a.m.

Moodle vulnerable to PHP object injection attacks

2022-05-1301:12:40

Google

osv.dev

10

moodle

repositories

php object injection

remote attackers

arbitrary code

serialized data

add-on

AI Score

8

Confidence

Low

EPSS

0.045

Percentile

92.5%

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616

openwall.com/lists/oss-security/2014/07/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d

github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894

github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c

github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2

github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844

github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc

github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42

github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91

github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33

moodle.org/mod/forum/discuss.php?d=264262

nvd.nist.gov/vuln/detail/CVE-2014-3541

AI Score

8

Confidence

Low

EPSS

0.045

Percentile

92.5%

Related for OSV:GHSA-FCCF-P8FX-VJJ4

ubuntucve1 cvelist1 prion1 veracode1 github1 cve1 nvd1 nessus3 mageia1 openvas6 fedora5