CVE-2018-14630

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-14630
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14630.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14630
Aliases
Published
2018-09-17T18:29:00Z
Modified
2024-06-06T12:11:17.794197Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events

Affected versions

v3.*

v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7