vulnerability
Moodle: Inclusion of Functionality from Untrusted Control Sphere (CVE-2021-20187)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Jan 28, 2021 | Feb 3, 2021 | Feb 15, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Jan 28, 2021
Added
Feb 3, 2021
Modified
Feb 15, 2026
Description
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Solutions
moodle-upgrade-3_5_16moodle-upgrade-3_8_7moodle-upgrade-3_9_4
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.