Vulnerability Bulletins

MSA-18-0017: Moodle XML import of ddwtos could lead to intentional remote code execution


System information

Affected software: PHP

Description

by Michael Hawkins. When importing legacy drag and drop into text (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.

Severity/Risk: Serious
Versions affected: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier unsupported versions
Versions fixed: 3.5.2, 3.4.5, 3.3.8 and 3.1.14
Reported by: Johannes Moritz
CVE identifier: CVE-2018-14630
Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=376023&parent=1516118

Standard identifiers

Property Value
CVE CVE-2018-14630

Version history

Version Comment Date
1.0 Advisory issued 2018-11-16

Members of

Ministerio de Defensa
CNI
CCN
CCN-CERT