Lucene search

K
osvGoogleOSV:GHSA-WXQG-FG7V-MMC6
HistoryMay 13, 2022 - 1:05 a.m.

Moodle Authenticated Spelling Binary Remote Code Execution

2022-05-1301:05:39
Google
osv.dev
15
moodle
remote code execution
authenticated
tinymce
binary
security vulnerability

EPSS

0.022

Percentile

89.9%

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.