CVE-2021-20187

HIGH7.2EPSS 0.68%

Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration

發布日:2022/5/24修改日:2024/4/23

也稱為:GHSA-2jrm-gww7-wch2BIT-moodle-2021-20187

描述

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.

受影響套件(2)

Bitnami/moodlefrom 0, < 3.5.16, >= 3.8.0, < 3.8.7, >= 3.9.0, < 3.9.4, >= 3.10.0, < 3.10.1
Packagist/moodle/moodle>= 3.5, < 3.5.16

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-20187
PATCHhttps://github.com/moodle/moodle
WEBhttps://moodle.org/mod/forum/discuss.php?d=417171