Published: 25/07/2022 Updated: 07/11/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moodle moodle
fedoraproject fedora 35
fedoraproject fedora 36

Payload Generator and Detailed Analysis about CVE-2022-35649

CVE-2022-35649 Payload Generator (using Python 2) and Detailed Analysis for CVE-2022-35649 The PoC in python generates payload when exploited for a 0-day of GhostScript 950 This 0-day exploit affect to ImageMagick with the default settings from Ubuntu repository (Tested with default settings of ImageMagick on Ubuntu 2004) This project is created only for educational purpose

CWE-20 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044 https://bugzilla.redhat.com/show_bug.cgi?id=2106273 https://moodle.org/mod/forum/discuss.php?d=436456 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/https://nvd.nist.gov https://github.com/antoinenguyen-09/CVE-2022-35649

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-35649

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect