CVE-2018-1137: Input Validation
First published: Fri May 25 2018(Updated: )
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | >=3.1.0<=3.1.11 | |
| Moodle Moodle | >=3.2.0<=3.2.8 | |
| Moodle Moodle | >=3.3.0<=3.3.5 | |
| Moodle Moodle | >=3.4.0<=3.4.2 | |
| composer/moodle/moodle | >=3.4<3.4.3 | 3.4.3 |
| composer/moodle/moodle | >=3.3<3.3.6 | 3.3.6 |
| composer/moodle/moodle | >=3.2<3.2.9 | 3.2.9 |
| composer/moodle/moodle | >=3.1<3.1.12 | 3.1.12 |
| >=3.1.0<=3.1.11 | ||
| >=3.2.0<=3.2.8 | ||
| >=3.3.0<=3.3.5 | ||
| >=3.4.0<=3.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-vxqh-mx28-7ghw
- alias/CVE-2018-1137
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.1.0
- version/moodle moodle/3.1.11
- version/moodle moodle/3.2.0
- version/moodle moodle/3.2.8
- version/moodle moodle/3.3.0
- version/moodle moodle/3.3.5
- version/moodle moodle/3.4.0
- version/moodle moodle/3.4.2
- package-manager/composer