7.5
CVSSv2

CVE-2014-3541

Published: 29/07/2014 Updated: 29/07/2014
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Repositories component in Moodle up to and including 2.3.11, 2.4.x prior to 2.4.11, 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allows remote malicious users to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

Affected Products

Vendor Product Versions
MoodleMoodle2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.4, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.7