Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-5674)

Description

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.

Remediation

References

Related Vulnerabilities

WordPress Plugin WooCommerce Cross-Site Request Forgery (3.6.4)

WordPress Plugin Custom Field Template Cross-Site Request Forgery (2.5.1)

WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.2.1)

WordPress Plugin PhonePe Payment Solutions Server-Side Request Forgery (1.0.15)

WordPress Plugin Custom Field Suite Cross-Site Scripting (2.5.14)

Severity

High

Classification

CVE-2013-5674 CWE-94

Tags

Missing Update Known Vulnerabilities