MSA-20-0006: Remote code execution possible via SCORM packages
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
von Michael Hawkins. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.Severity/Risk:SeriousVersions affected:3.8 to 3.8.2, 3.7 to 3.7.5, 3.6 to 3.6.9, 3.5 to 3.5.11 and earlier unsupported versionsVersions fixed:3.8.3, 3.7.6, 3.6.10 and 3.5.12Reported by:Paul HoldenWorkaround:Disable the SCORM package activity type until the patch is applied.CVE
More info:
https://moodle.org/mod/forum/discuss.php?d=403513&parent=1628593 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2020-10738. |