ROS-20230627-01

Date: 2023-06-27 00:00:00
Source: redos.red-soft.ru
Tags: moodle, virtual learning environment, vulnerabilities, remote attackers, sql commands, user data, control

CVSS2: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004 Low
  Percentile: 73.2%

A vulnerability in the Moodle virtual learning environment is related to insufficient sanitization of user-supplied
data in the external Wiki method for listing pages. A user can send a specially crafted query to the affected
application and execute limited SQL commands on the application's database. Exploitation of the vulnerability
could allow a remote attacker to read, delete, or modify data in the database and gain full control over the
vulnerable application.

A vulnerability in the Moodle virtual learning environment is related to insufficient sanitization of user data in
some returnurl parameters. An attacker could trick a victim into clicking a specially crafted link and execute
arbitrary HTML code and script in the user's browser in the context of the vulnerable website. Exploitation of
the vulnerability could allow a remote attacker to steal potentially sensitive information, alter the appearance
of a web page, and perform phishing and drive-by download attacks.

A vulnerability in the Moodle virtual learning environment is related to insufficient sanitization of user data
when searching blogs. An attacker could trick a victim into clicking a specially crafted link and execute
arbitrary HTML code and script in the user's browser in the context of the vulnerable website. Exploitation of
the vulnerability could allow a remote attacker to steal potentially sensitive information, alter the appearance
of a web page, and perform phishing and drive-by download attacks.

A vulnerability in the Moodle virtual learning environment is related to insufficient sanitization of
user-supplied data in mod_h5pactivity, which is responsible for retrieving data about user attempts. An attacker
can send a specially crafted query to the vulnerable application and execute arbitrary SQL commands in the
application's database. Exploitation of the vulnerability could allow a remote attacker to read, delete, or
modify data in the database and gain full control over the vulnerable application.

A vulnerability in the Moodle virtual learning environment is related to insufficient restrictions on the
"start page" setting. Exploitation of the vulnerability could allow a remote attacker to set this setting for
another user.

OS     OS Version  Architecture  Package  Package Version  Filename
redos  7.3         x86_64        moodle   <= 3.11.5-2      UNKNOWN
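
A check of installed moodle package versions against the affected range listed above (moodle <= 3.11.5-2), as an added example that is not part of the original advisory. It uses a simplified RPM-style comparison (no `~` or `^` handling); the host names and installed versions are constructed, and versions are assumed to be in the same `version-release` form as the advisory, without a distribution suffix.

```python
import re

# Upper bound of the affected range, taken from the advisory's package entry.
AFFECTED_MAX = "3.11.5-2"

def _segments(part):
    # Runs of digits or letters; separators such as "." are ignored.
    return re.findall(r"\d+|[A-Za-z]+", part)

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts newer
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers numerically
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_evr(evr):
    # "[epoch:]version[-release]" -> (epoch, version, release)
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def compare_evr(a, b):
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def is_affected(installed):
    return compare_evr(installed, AFFECTED_MAX) <= 0

def affected_hosts(inventory):
    return sorted(h for h, v in inventory.items() if is_affected(v))

# Constructed inventory: host name -> installed moodle version-release.
INVENTORY = {
    "lms-01": "3.11.5-2",   # exactly the upper bound: affected
    "lms-02": "3.9.20-1",   # older; plain string comparison would say "newer"
    "lms-03": "3.11.15-1",  # newer; plain string comparison would say "older"
    "lms-04": "4.1.3-1",
}

if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(f"{host}: moodle {INVENTORY[host]} is in the affected range")
```

On a real host, feed the function the output of the package manager's version query rather than a hand-typed string, and strip any distribution suffix from the release first.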
