MSA-18-0017: Moodle XML import of ddwtos could lead to intentional remote code execution
System information
Affected software | PHP
Description
by Michael Hawkins.

When importing legacy drag and drop into text (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.

Severity/Risk: Serious
Versions affected: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier unsupported versions
Versions fixed: 3.5.2, 3.4.5, 3.3.8 and 3.1.14
Reported by: Johannes Moritz
CVE identifier: CVE-2018-14630
Changes:
More info: https://moodle.org/mod/forum/discuss.php?d=376023&parent=1516118
Standard identifiers
Property | Value
CVE | CVE-2018-14630