6.1
CVE-2025-67851
- EPSS 0.04%
- Veröffentlicht 03.02.2026 11:15:55
- Zuletzt bearbeitet 03.02.2026 16:44:03
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/moodle/moodle/
≫
Paket
moodle
Default Statusunaffected
Version <
4.1.22
Version
4.1.0
Status
affected
Version <
4.4.12
Version
4.4.0
Status
affected
Version <
4.5.8
Version
4.5.0
Status
affected
Version <
5.0.4
Version
5.0.0
Status
affected
Version <
5.1.1
Version
5.1.0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.099 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| patrick@puiterwijk.org | 6.1 | 1.3 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
|
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.