CVE-2018-14630

Published: 17/09/2018 Updated: 09/10/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Moodle versions prior to 3.5.2, 3.4.5, 3.3.8 and 3.1.14 are vulnerable: an XML import of ddwtos questions could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.

Vulnerable Product

moodle moodle

Exploits

Moodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote PHP unserialize code execution vulnerability ...

Github Repositories

Search for known vulnerabilities in software using software titles or a CPE 2.3 string

search_vulns

About: search_vulns can be used to search for known vulnerabilities in software. To achieve this, the tool utilizes a locally built vulnerability database, currently containing CVE information from the National Vulnerability Database (NVD) and exploit information from the Exploit