Strike ID: E19-0jv11
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
False Positive: t
Variants: 12
Year: 2018

Description

This strike reproduces a remote code execution attack against the Moodle CMS platform. The vulnerability stems from poor sanitization of user input in the answer parameter within questiontype.php when defining a new quiz of type Calculated. By exploiting the issue, a remote authenticated attacker may execute arbitrary PHP code with the privileges of the HTTP server.
