vulnerability
Moodle: Improper Control of Generation of Code (CVE-2022-35649)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jul 25, 2022 | Aug 3, 2022 | May 7, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jul 25, 2022
Added
Aug 3, 2022
Modified
May 7, 2026
Description
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Solution
moodle-upgrade-latest
References
- CVE-2022-35649
- https://attackerkb.com/topics/CVE-2022-35649
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
- https://bugzilla.redhat.com/show_bug.cgi?id=2106273
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
- https://moodle.org/mod/forum/discuss.php?d=436456
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-6451
- CWE-94
- CWE-20
- EUVD-EUVD-2022-6451
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.