Lucene search

PRIOn knowledge basePRION:CVE-2013-5674

HistorySep 16, 2013 - 1:02 p.m.

Design/Logic Flaw

2013-09-1613:02:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.6%

JSON

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.

CPENameOperatorVersion
moodleeq2.5.1
moodleeq2.5.0

CPE	Name	Operator	Version
	moodle	eq	2.5.1
	moodle	eq	2.5.0

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40924

moodle.org/mod/forum/discuss.php?d=238397

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for PRION:CVE-2013-5674