CVSS2: 4.6 Medium

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | HIGH
Authentication | SINGLE
Confidentiality Impact | PARTIAL
Integrity Impact | PARTIAL
Availability Impact | PARTIAL

Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Moodle is vulnerable to remote code execution. A malicious user can update the spellchecking mechanism to point to an arbitrary command, which is then executed when a spellchecking request occurs. Note: The Moodle developers are not going to fix this vulnerability.

CPE

Name | Operator | Version
---|---|---
moodle/moodle | le | v3.11.5

packetstormsecurity.com/files/164479/Moodle-Authenticated-Spelling-Binary-Remote-Code-Execution.html
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-3630
community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats