Lucene search
Veracode Vulnerability DatabaseVERACODE:4550HistoryJul 07, 2017 - 10:32 a.m.
Remote Code Execution (RCE) Through Deserialization
2017-07-0710:32:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Moodle is vulnerable to remote code execution (RCE) attacks. The library does not properly deserialize the description of an external badge, allowing a malicious user to inject and execute PHP objects.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | 2.5.1 |
Related
cve
cve
CVE-2013-5674
2013-09-16 13:02:00
prion
prion
Design/Logic Flaw
2013-09-16 13:02:00
packetstorm
packetstorm
Moodle CMS 2.5.0-1 Cross Site Scripting
2013-09-16 00:00:00
nessus
nessus
Moodle 'external.php' 'badge' Parameter XSS
2013-09-20 00:00:00
ubuntucve
ubuntucve
CVE-2013-5674
2013-09-16 00:00:00
securityvulns
securityvulns
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for VERACODE:4550