WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Input Validation Vulnerability (CVE-2020-10738)

Description

A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.

Remediation

References

Related Vulnerabilities

WordPress Plugin Portfolio Gallery-Photo Gallery Multiple Unspecified Vulnerabilities (2.0.72)

WordPress Plugin mklasen's Photobox Cross-Site Scripting (1.0)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.38)

MySQL CVE-2017-3642 Vulnerability (CVE-2017-3642)

WordPress Plugin Quick Post Widget Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.9.1)

Severity

High

Classification

CVE-2020-10738 CWE-20 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities