MSA-20-0004: Admin PHP unit webrunner tool requires additional input escaping
|
System information
|
|
|
Affected software |
PHP |
Description
|
von Michael Hawkins. Insufficient input escaping was applied to the PHP unit webrunner admin tool.NOTE: It is important to note that this update is only flagged as a precautionary measure, as it may provide limited CLI access to Moodle site admins. This may be considered a security risk in circumstances where admins do not ordinarily have access to the server CLI and/or in some hosting situations where site admins are not considered trusted users. This tool will also be removed entirely from
More info:
https://moodle.org/mod/forum/discuss.php?d=398352&parent=1606856 |
Standar resources
|
Property |
Value |
CVE |
CVE-2020-1756. |