CVE-2020-1756: Input Validation
First published: Tue Aug 16 2022(Updated: )
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | >=3.5.0<3.5.11 | |
| Moodle Moodle | >=3.6.0<3.6.9 | |
| Moodle Moodle | >=3.7.0<3.7.5 | |
| Moodle Moodle | >=3.8.0<3.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Moodle vulnerability?
The vulnerability ID for this Moodle vulnerability is CVE-2020-1756.
What is the severity rating of CVE-2020-1756?
CVE-2020-1756 has a severity rating of 7.2 (high).
Which versions of Moodle are affected by CVE-2020-1756?
Moodle versions 3.5.0 to 3.5.11, 3.6.0 to 3.6.9, 3.7.0 to 3.7.5, and 3.8.0 to 3.8.2 are affected by CVE-2020-1756.
What is the description of CVE-2020-1756?
In Moodle before 3.8.2, 3.7.5, 3.6.9, and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
How can I fix CVE-2020-1756 in Moodle?
To fix CVE-2020-1756, you should upgrade to Moodle versions 3.5.12, 3.6.10, 3.7.6, or 3.8.3 or apply the patches provided by Moodle.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.5.0
- version/moodle moodle/3.6.0
- version/moodle moodle/3.7.0
- version/moodle moodle/3.8.0