Description

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.

Remediation

References

CVE-2014-3541

Related Vulnerabilities

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4203)

WordPress Plugin Easy Testimonials Cross-Site Scripting (3.0.4)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2016-8627)

WordPress Plugin RegistrationMagic-User Registration with Custom Registration Forms Privilege Escalation (5.3.0.0)

Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)

Severity

High

Classification

CVE-2014-3541 CWE-94

Tags

Missing Update Known Vulnerabilities