8.1
CVE-2024-43425
- EPSS 83.34%
- Veröffentlicht 07.11.2024 14:15:15
- Zuletzt bearbeitet 01.05.2025 16:01:21
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
Moodle: remote code execution via calculated question types
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 83.34% | 0.996 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| patrick@puiterwijk.org | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
https://bugzilla.redhat.com/show_bug.cgi?id=2304253
https://moodle.org/mod/forum/discuss.php?d=461193