vulnerability
Moodle: Improper Input Validation (CVE-2022-35649)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jul 25, 2022 | Aug 3, 2022 | Jan 28, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jul 25, 2022
Added
Aug 3, 2022
Modified
Jan 28, 2025
Description
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Solution(s)
moodle-upgrade-3_11_8moodle-upgrade-3_9_15moodle-upgrade-4_0_2
References
- CVE-2022-35649
- https://attackerkb.com/topics/CVE-2022-35649
- URL-http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2106273
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
- URL-https://moodle.org/mod/forum/discuss.php?d=436456
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.