8.8

CVE-2016-9187

Exploit

EPSS 3.28%
Published 04.11.2016 10:59:07
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Moodle ≫ Moodle Version <= 3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.28%	0.867

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html

Third Party Advisory

Exploit

VDB Entry

http://www.securityfocus.com/bid/94191

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-9187

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9187

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9187

EUVD