Description

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

Remediation

References

CVE-2018-1137

Related Vulnerabilities

WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Arbitrary File Upload (1.2.5)

WordPress Plugin Ninja Announcements Lite 'ninja_annc.php' SQL Injection (1.2.3)

MySQL CVE-2021-2002 Vulnerability (CVE-2021-2002)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Multiple Vulnerabilities (1.29.3)

Severity

High

Classification

CVE-2018-1137 CWE-20 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Tags

Missing Update Known Vulnerabilities