Boletines de Vulnerabilidades

MSA-20-0004: Admin PHP unit webrunner tool requires additional input escaping


Información sobre el sistema

   
Software afectado PHP

Descripción

von Michael Hawkins. Insufficient input escaping was applied to the PHP unit webrunner admin tool.NOTE: It is important to note that this update is only flagged as a precautionary measure, as it may provide limited CLI access to Moodle site admins. This may be considered a security risk in circumstances where admins do not ordinarily have access to the server CLI and/or in some hosting situations where site admins are not considered trusted users. This tool will also be removed entirely from

More info:

https://moodle.org/mod/forum/discuss.php?d=398352&parent=1606856

Identificadores estándar

Propiedad Valor
CVE CVE-2020-1756.

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2020-03-31
Ministerio de Defensa
CNI
CCN
CCN-CERT