vulnerability
Moodle: Inclusion of Functionality from Untrusted Control Sphere (CVE-2021-20187)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Jan 28, 2021 | Feb 3, 2021 | Oct 24, 2022 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Jan 28, 2021
Added
Feb 3, 2021
Modified
Oct 24, 2022
Description
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
Solutions
moodle-upgrade-3_5_16moodle-upgrade-3_8_7moodle-upgrade-3_9_4
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.