CVE-2025-67847
EUVD-2026-432423.01.2026, 05:16
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | 𝑥 < 4.1.22 |
| moodle | moodle | 4.4.0 ≤ 𝑥 < 4.4.12 |
| moodle | moodle | 4.5.0 ≤ 𝑥 < 4.5.8 |
| moodle | moodle | 5.0.0 ≤ 𝑥 < 5.0.4 |
| moodle | moodle | 5.1.0 |
𝑥
= Vulnerable software versions