moodle/moodle is vulnerable to remote code execution. The vulnerability exists in convert_configdata
function of lib.php
when restoring backup files which allows an attacker to execute remote codes in the system.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.11.9 | |
moodle/moodle | le | v3.9.16 | |
moodle/moodle | le | v4.0.3 | |
moodle/moodle | le | v3.11.9 | |
moodle/moodle | le | v3.9.16 | |
moodle/moodle | le | v4.0.3 |
bugzilla.redhat.com/show_bug.cgi?id=2128147
git.moodle.org/gw?p=moodle.git;a=commit;h=3e2a97a9ed8154b03b4eeac294051718f563f964
github.com/advisories/GHSA-2hmm-q272-xmhf
github.com/moodle/moodle/commit/6220f712abd0b30448e663e56493f9c7e300280d
github.com/moodle/moodle/commit/786a4956dde692ecc957f10684920fb748121d2f
github.com/moodle/moodle/commit/ab69d5373fa273a5064609cd672cc45a225ed4b5
moodle.org/mod/forum/discuss.php?d=438393