Description

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.

Remediation

References

CVE-2014-3545

Related Vulnerabilities

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3583)

WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)

WordPress Plugin Cool Video Gallery Command Injection (1.9)

WordPress 'templates.php' Cross-Site Scripting Vulnerability (0.6.2 - 2.1)

WordPress Plugin Advanced Classifieds & Directory Pro Local File Inclusion (3.1.3)

Severity

Medium

Classification

CVE-2014-3545 CWE-94

Tags

Missing Update Known Vulnerabilities