|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-02-01 | |
| Rule Name: | Moodle Arbitrary PHP Code Execution Vulnerability (CVE-2021-20187) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://moodle.org/mod/forum/discuss.php?d=417171 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://moodle.org/security/ |