CVE-2021-20187

Source
https://cve.org/CVERecord?id=CVE-2021-20187
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20187.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20187
Aliases
Downstream
Published
2021-01-28T19:15:13.377Z
Modified
2026-07-08T22:14:56.183467Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.10.0:*:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.5.16"
        },
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.7"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.4"
        },
        {
            "introduced": "3.10.0"
        },
        {
            "last_affected": "3.10.0"
        }
    ]
}

Affected versions

3.*
3.10.0
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.3.0
v2.*
v2.0.0
v2.0.0-rc1
v2.0.0-rc2
v2.0.1
v2.1.0
v2.2.0
v2.2.0-beta
v2.2.0-rc1
v2.3.0
v2.3.0-beta
v2.3.0-rc1
v2.4.0
v2.4.0-beta
v2.4.0-rc1
v2.5.0
v2.5.0-beta
v2.5.0-rc1
v2.6.0
v2.6.0-beta
v2.6.0-rc1
v2.7.0
v2.7.0-beta
v2.7.0-rc1
v2.7.0-rc2
v2.8.0
v2.8.0-beta
v2.8.0-rc1
v2.8.0-rc2
v2.9.0
v2.9.0-beta
v2.9.0-rc1
v2.9.0-rc2
v3.*
v3.0.0
v3.0.0-beta
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.1.0
v3.1.0-beta
v3.1.0-rc1
v3.1.0-rc2
v3.10.0
v3.2.0
v3.2.0-beta
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.0-rc5
v3.3.0
v3.3.0-beta
v3.3.0-rc1
v3.3.0-rc2
v3.3.0-rc3
v3.4.0
v3.4.0-beta
v3.4.0-rc1
v3.4.0-rc2
v3.4.0-rc3
v3.5.0
v3.5.0-beta
v3.5.0-rc1
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.15
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.8.4
v3.8.5
v3.8.6
v3.9.0
v3.9.1
v3.9.2
v3.9.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20187.json"