CVE-2018-1137

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1137

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1137.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1137

Aliases

GHSA-vxqh-mx28-7ghw

Downstream

UBUNTU-CVE-2018-1137

Published

2018-05-25T12:29:00.403Z

Modified

2026-03-14T09:26:26.891177Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

268abfacc54c4cbf9722c1502569b311c7caefff

Last affected

e25e165231ed061c4278ce3694d2e1e4d4d3d142

Introduced

b182239f21c38ea57cddb41b0c03ef3eb02709f8

Last affected

2a591e36a9783c364d1c55d8988b5630d073bc93

Introduced

b87a580aa3eb23d5f05d7f619fc40a89e0f86fe5

Last affected

e786a591d538204fad37f188018f8c82f69a28f2

Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Last affected

c485e424475b41d3ae55cc3c742fed9cd19a1e75

Database specific

{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.11"
        },
        {
            "introduced": "3.2.0"
        },
        {
            "last_affected": "3.2.8"
        },
        {
            "introduced": "3.3.0"
        },
        {
            "last_affected": "3.3.5"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "last_affected": "3.4.2"
        }
    ]
}

Affected versions

v3.*

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2.0

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.3.0

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.4.0

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.4.1

v3.4.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1137.json"