CVE-2021-20187
28.01.2021, 19:15
In Moodle before versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16, it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.

| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | 𝑥 < 3.5.16 |
| moodle | moodle | 3.8.0 ≤ 𝑥 < 3.8.7 |
| moodle | moodle | 3.9.0 ≤ 𝑥 < 3.9.4 |
| moodle | moodle | 3.10.0 |

𝑥 = Vulnerable software versions

Common Weakness Enumeration
- CWE-94 - Improper Control of Generation of Code ('Code Injection'): The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere: The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.