BIT-moodle-2026-26045

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2026-26045.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-moodle-2026-26045

Aliases

Published

2026-03-02T08:50:23.910Z

Modified

2026-03-02T09:40:58.909355Z

Summary

Moodle: moodle: improper validation in file restore functionality leading to remote code execution

Details

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

Database specific

{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.9

Introduced

5.0.0

Fixed

5.0.5

Introduced

5.1.0

Fixed

5.1.2

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2026-26045.json"