9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.9%
moodle/moodle is vulnerable to Remote Code Execution (RCE). A local file inclusion vulnerability allows an attacker to include arbitrary files on a vulnerable Moodle server by exploiting a flaw in the way that Moodle handles file paths, which could allow the attacker to take complete control of the server.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249
bugzilla.redhat.com/show_bug.cgi?id=2243452
github.com/advisories/GHSA-5cvx-cwpx-9rjh
github.com/moodle/moodle/commit/73280a536fabdb2e9c2844e2a745e7ccff646f40
github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7
github.com/moodle/moodle/commit/8f8c4e3153329774f572b2691a746b8dcfd2ac1e
github.com/moodle/moodle/commit/af04de0f3cbf56f9dda0550cbc89dc31ed475e94
github.com/moodle/moodle/commit/ce38fda65125a7cd8d0521fc08254facea400d01
github.com/moodle/moodle/commit/ec07126d1b3f8702b1d8aeacd72eee38000dcb37
moodle.org/mod/forum/discuss.php?d=451591
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.9%